Remote Access VPN double authentication to AD and RSA based on AD groups using AnyConnect
We currently use AnyConnect for remote access VPN through an ASA with an ACS RADIUS server configured as a server group. The ACS server uses RADIUS attributes to map users based on AD groups to local IP pools on the ASA.
We recently installed an RSA SecurID server for remote access VPN two-factor authentication. I need to force certain users (based on AD groups) to authenticate to the RSA server, while still allowing AnyConnect access to the current VPN users. I need to ensure that RSA users will be unable to use their AD credentials for access, but must use their RSA token passcode. I have tried to configure this with Cisco ISE and have been told this is impossible without purchasing a second ASA, which is not an option.
Can this be done on the current ASA? How? Any help would be much appreciated.