11-11-2010 09:33 AM
Greetings all
If I'm using double authentication for my SSL VPN with LDAP as primary and RSA as secondary,
does the username have to be the same in LDAP and RSA, or do I have to import users from LDAP to RSA...
How does it really work... I can't find anything in the Cisco Config Guide regarding double authentication
Thanks
Seif
CCIE#26440
11-11-2010 09:38 AM
Hi,
Is this authentication for VPN clients?
LDAP is only used for authorization, RSA can authenticate.
Federico.
11-11-2010 12:12 PM
Hi Federico
I'd like to keep my LDAP for authentication and add RSA for strongest password, since I'm using the LDAP to map users to the correct connection profile
Any thoughts?!
Thanks for your reply
11-11-2010 01:53 PM
Hi Seif,
By default, when you enable double authentication, the login form will have 2 username fields and 2 password fields. You can optionally configure the ASA to omit the second username field (then it will use the same username for both authentications - but I understand this is precisely the opposite of what you want, so just use the default).
Alternatively (less secure but more convenient for the user) you could just use single authentication against RSA, and add LDAP authorization. The LDAP group mapping should still work and your users will only need to enter one username and (one-time) password.
hth
Herbert
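The two setups described in the reply above, sketched as ASA connection-profile configuration. This is an added example, not part of the original thread; the names `LDAP-SRV`, `RSA-SRV`, `VPN-DOUBLE` and `VPN-SINGLE` are placeholders, and the `aaa-server` host entries are assumed to be configured already.

```cisco
! AAA server groups (host definitions omitted, assumed to exist)
aaa-server LDAP-SRV protocol ldap
aaa-server RSA-SRV protocol sdi

! Option 1: double authentication, LDAP primary and RSA secondary.
! Default behaviour: the login form shows two username fields and
! two password fields, so the LDAP and RSA usernames may differ.
tunnel-group VPN-DOUBLE type remote-access
tunnel-group VPN-DOUBLE general-attributes
 authentication-server-group LDAP-SRV
 secondary-authentication-server-group RSA-SRV
! To hide the second username field and reuse the primary username
! for RSA (the usernames must then match in both stores), use this
! line in place of the one above:
!  secondary-authentication-server-group RSA-SRV use-primary-username

! Option 2: single authentication against RSA, LDAP for authorization
! only. One username and one-time password; LDAP attributes are still
! retrieved for group mapping.
tunnel-group VPN-SINGLE type remote-access
tunnel-group VPN-SINGLE general-attributes
 authentication-server-group RSA-SRV
 authorization-server-group LDAP-SRV
```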