2 Factor Authentication for Anyconnect VPN using ISE
We are planning to implement dual factor authentication for Anyconnect VPN. The end users will be authenticated using domain name in machine certificates and username password with ISE used as radius server.
We have the following approaches to achieve this :-
1. Use primary and secondary authentication with user credentials as primary authentication and CN field of the certificate as secondary authentication.However this option prompts users for password for both the fields while we want the machine certificate to authenticate itself without a password.
2. Second approach is to authenticate using user credentials and authorize the user to access the network if the machine certificate has a domain name in CN field which we are able to validate from the AD using Dynamic Access Policy.
We are looking forward for discussions on the above approaches and are open to any other solution.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...