Hi Experts,

Trying to setup POC for remote user VPN with the following behaviour :

- Users login via Anyconnect using their AD username and password

- then PINcode (from Symantec VIP)

ASA will auto-assign the group policy based on the AD group.

What i have in mind for the ASA config :

- AAA server - AD via LDAP (with LDAP mapping)

- AAA server - Symantec VIP via RADIUS

Each tunnel group (based on the mapping) will be assigned to the respective group policy.

But im unsure how i can specify which is 1st or 2nd authentication, i did found a Secondary Authentication config (in the connection profile), is that the right config ?

Tried to find documents with similar setup from Symantec and Cisco bu to no-avail. Appreciate if anyone can point me to the right direction.

TIA