cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
185
Views
0
Helpful
1
Replies
Larry Smith
Beginner

Remote Access VPN double authentication to AD and RSA based on AD groups using anyconnect

Hello,

We currently use anyconnect for remote access VPN through an ASA with an ACS RADIUS server configured as a server group. The ACS server uses RADIUS attributes to map users based on AD groups to local ip pools on the ASA.

We recently installed an RSA SecurID server for remote access VPN two factor authentication. I need to force certain users (based on AD groups) to authenticate to the RSA server, while still allowing anyconnect access to the current VPN users. I need to ensure that RSA users will be unable to use their AD credentials for access, but must use their RSA token passcode. I have tried to configure this with Cisco ISE and have been told this is impossible without purchasing a second ASA, which is not an option.

Can this be done on the current ASA? How? Any help would be much appreciated.

1 REPLY 1
Florin Barhala
Frequent Contributor

I have exactly the same challenge ahead. Can you guys share some direction points here? I mean some documentation or your implementation knowledge.

Thanks in advance!

Create
Recognize Your Peers
Content for Community-Ad