We are in the process of implementing two-factor VPN authentication using WiKID but we are having issues, specifically with our ACS. I use the ACS with the Cisco Remote Agent to provide VPN authentication based on AD. The problem is that I would need the ACS to proxy to my WiKID server to authenticate the PIN. I can set up my VPNSM to RADIUS directly to the WiKID server but then I lose all the grouping and IP parameters I apply to users. On top of that, I would have to go to two places to set up/deactivate a new/terminated employee.
So basically, is there a way for me to use my ACS for authorization (via Cisco Remote Agent) and forward the username and PIN to the WiKID server for authentication?