Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
992
Views
0
Helpful
3
Replies

Query regarding anyconnect Vpn client

Netplace Support
Level 1
Level 1

‎09-02-2019 01:42 AM

Hi All,

 

Having some queries regarding setup of Cisco anyconnect Vpn client, it would be great for me if anyone would help me

 

1) Can I restrict a user to download anyconnect client software via webvpn after user enter their login credentials using local/Ldap server.

 

2) is it Cisco ASA supports any third party 2FA application i.e innefu for anyconnect user to authenticate for 2FA

 

 

Labels:
0 Helpful
3 Replies 3

Nüüül
Level 1
Level 1

‎09-02-2019 01:57 AM - edited ‎09-02-2019 01:59 AM

Hi

 

in general 2FA is supported. as most solutions are set up as radius server and the ASA will just send the "password" entered in the second Password field to the radius server. Or like DUO, LDAPS is used. 

Brief description here:

https://duo.com/docs/cisco

Another solution would be (Thales/Gemalto) SafeNet, or RSA, or Microsoft MFA. 

These are solutions for OneTimePasswords, Assuming you meant this as 2FA. You also can use certificates or another LDAP Directory as 2nd factor. 

 

 

 

 

at 1)

you want all users to download the anyconnect client when logged in? or only some?

when these user groups have separate Group Policies tied, you can set it at AnyConnect Profile file, by (un-)checking Auto-Update for the appropriate group policy.

 

 

 

0 Helpful

Netplace Support
Level 1
Level 1
In response to Nüüül

‎09-02-2019 03:07 AM

Hi Nuuul,

 

Thanks for your reply. Please find my remarks below

1)y want all users to download the anyconnect client when logged in? or only some?

Ans- Want only the users who I have authorized can download anyconnect client software after login in anyconnect webvpn.

 

Also do you please elaborate your below point :-

when these user groups have separate Group Policies tied, you can set it at AnyConnect Profile file, by (un-)checking Auto-Update for the appropriate group policy

 

 

 

 

0 Helpful

Dinesh Moudgil
Cisco Employee
Cisco Employee

‎09-02-2019 03:06 AM

Hi,

Here is a document for Two factor authentication configuration on an ASA
https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/213931-configure-anyconnect-secure-mobility-cli.html

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.
Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
0 Helpful
Customers Also Viewed These Support Documents