Authentication of users

May 5th, 2010


I am setting up a test lab where the users will connect to an ASA 8.3 with SSL VPN AnyConnect. I have tested to see that the user can log in with a name/password that is in the local database in the ASA, but we need to use one-time passwords with RSA hardware tokens and have the users in a Windows AD, and I have no idea how to configure that.

Behind the ASA I will have an ACS server that will point to the RSA server and a Windows AD. Do you have any configuration guides on this? It is mostly the config in the ASA that I need a guide for, since I have never really worked with ASA before. How do I get AnyConnect to prompt for username, password and RSA password?

I have never used AnyConnect before either.

I am using ASA 5520 8.3 with ASDM 6.3, ACS 4.2, RSA 7.1 (or 6.1) and Windows 2003 enterprise.


pvn050011 Sat, 05/08/2010 - 02:05

Thanks, that helped a bit. Now it works like this:

1. The user enters the IP of the ASA and gets prompted for a username and password, which are located in a Windows AD.

2. The authentication request is forwarded from the ASA to an ACS using TACACS+

3. The ACS checks in the Windows AD if the user is valid

4. If valid, then AnyConnect is downloaded from the ASA to the user's computer and the VPN is working.

Now I want to have this working with RSA SecurID token. How do I enable this in the ASA and the ACS? Do I still use TACACS+ between the ASA and the ACS or should I change it to SDI?

I can't seem to find any good guide on how to configure this. At least not with the users in AD.

