Multi-factor VPN authentication on ASA

Unanswered Question

Can the ASA be configured to leverage XAuth against both SDI (RSA token) and Windows AD? It seems we can configure only one or the other but not both. For example, if we configure authentication using SDI, the VPN client only prompts for a username and passcode. Is there a way to implement so that we are prompted for a username, passcode (RSA) and password (Windows AD via RADIUS)?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Ivan Martinon Fri, 01/09/2009 - 16:05


The reason why the asa authenticates to SDI or AD and not both has to do with the fact that you need to have your AD integrated with your Token server, ASA will prompt for username and password and the AD server will instruct the ASA to request token only if this AD has the correct integration with SDI, check google for this features with AD and SDI.


This Discussion