Remote Access VPN double authentication to AD and RSA based on AD groups using AnyConnect

Larry Smith
Level 1

Hello,

We currently use AnyConnect for remote access VPN through an ASA with an ACS RADIUS server configured as a server group. The ACS server uses RADIUS attributes to map users based on AD groups to local IP pools on the ASA.

We recently installed an RSA SecurID server for remote access VPN two-factor authentication. I need to force certain users (based on AD groups) to authenticate to the RSA server, while still allowing AnyConnect access to the current VPN users. I need to ensure that RSA users will be unable to use their AD credentials for access, but must use their RSA token passcode. I have tried to configure this with Cisco ISE and have been told this is impossible without purchasing a second ASA, which is not an option.

Can this be done on the current ASA? How? Any help would be much appreciated.

1 Reply

Florin Barhala
Level 6

I have exactly the same challenge ahead. Can you guys share some direction points here? I mean some documentation or your implementation knowledge.

Thanks in advance!