
Double authentication using LDAP and RSA

Greetings all

If I'm using double authentication for my SSL VPN with LDAP as primary and RSA as secondary

does the username have to be the same in LDAP and RSA, or do I have to import users from LDAP to RSA...

how it really works ... I can't find anything in the Config Guide of Cisco regarding double authentication

Thanks

Seif

CCIE#26440

3 Replies

Hi,

Is this authentication for VPN clients?

LDAP is only used for authorization, RSA can authenticate.

Federico.

Hi Federico

I'd like to keep my LDAP for authentication and add RSA for strongest password since I'm using the LDAP to map users to the correct connection profile

Any thoughts?!

Thanks for your reply

Hi Seif,

By default when you enable double authentication the login form will have 2 username fields and 2 password fields. You can optionally configure the ASA to omit the second username field (then it will use the same username for both authentications - but I understand this is precisely the opposite of what you want so just use the default).

Alternatively (less secure but more convenient for the user) you could just use single authentication against RSA, and add LDAP authorization. The LDAP group mapping should still work and your users will only need to enter one username and (one-time) password.

hth

Herbert
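
The two approaches described in the last reply, sketched as an ASA configuration fragment. This is an added example, not configuration posted by anyone in the thread; the server-group names (`LDAP_SRV`, `RSA_SRV`) and connection-profile names (`SSLVPN_DOUBLE`, `SSLVPN_SINGLE`) are placeholders, and the `aaa-server` host entries and the LDAP attribute map are omitted.

```cisco
! Placeholder names throughout (not from the thread).
! AAA server groups; per-host settings are omitted here.
aaa-server LDAP_SRV protocol ldap
aaa-server RSA_SRV protocol sdi
!
! Approach 1: double authentication, LDAP primary and RSA secondary.
! With no extra keyword the login form shows two username fields and
! two password fields, so the LDAP and RSA usernames may differ.
tunnel-group SSLVPN_DOUBLE type remote-access
tunnel-group SSLVPN_DOUBLE general-attributes
 authentication-server-group LDAP_SRV
 secondary-authentication-server-group RSA_SRV
!
! Variant of approach 1: hide the second username field. The ASA then
! sends the primary (LDAP) username to RSA as well, so the same
! username has to exist on both servers. Use this line instead of the
! secondary line above:
!  secondary-authentication-server-group RSA_SRV use-primary-username
!
! Approach 2: single authentication against RSA, with LDAP used only
! for authorization (group mapping). Users enter one username and one
! one-time password; the LDAP password is no longer checked.
tunnel-group SSLVPN_SINGLE type remote-access
tunnel-group SSLVPN_SINGLE general-attributes
 authentication-server-group RSA_SRV
 authorization-server-group LDAP_SRV
```

In approach 2 the username entered for RSA is the one looked up in LDAP for authorization, so it must match an LDAP account for the group mapping to apply.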