Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3689
Views
0
Helpful
5
Replies

MFA on ASA 5508

stevep001
Level 1
Level 1

‎05-01-2017 09:03 AM

I do not see anywhere in the help documentation how to require MFA on our VPN. Is it possible?

Labels:
0 Helpful
5 Replies 5

Rahul Govindan
VIP Alumni
VIP Alumni

‎05-01-2017 09:17 AM

Are you talking about the Azure MFA with Anyconnect VPN? The MS guide below should help:

https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-advanced-vpn-configurations

0 Helpful

stevep001
Level 1
Level 1
In response to Rahul Govindan

‎05-01-2017 09:19 AM

No, we do not have Azure. Am I going to have to buy/install other software?

0 Helpful

Rahul Govindan
VIP Alumni
VIP Alumni
In response to stevep001

‎05-01-2017 09:26 AM

The ASA itself can do double authentication - AAA+certificate authentication. The certificate and AAA can be tied in together using the 'pre-fill username from certificate' option to get a pseudo two factor authentication.

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116111-11611-config-double-authen-00.html

For true 2 factor authentication for VPN, it is recommended to use one of the commonly used services. Duo is one of the most common ones I have seen - works very well with the ASA in my experience. 

0 Helpful

stevep001
Level 1
Level 1
In response to Rahul Govindan

‎05-01-2017 10:32 AM

Thanks

0 Helpful

Steph.Kindel
Level 1
Level 1
In response to Rahul Govindan

‎04-26-2018 01:45 PM

Also, Crossmatch has a product called DigitalPersona which offers MFA support for your VPN which includes MFA for windows logon as well. Something worth checking out. 

0 Helpful
Customers Also Viewed These Support Documents