Cisco Support Community

New Member

How to make ASA use with 2-factor authentication

Hi all,

How can ASA work with external 2-factor authentication, i.e. like RSA?

1. Can we set it up as ASA<-->RSA server

or

2. ASA<-->Cisco ACS<-->RSA server??

Thanks a lot in advance.

Regards,

mak

2 REPLIES
New Member

Re: How to make ASA use with 2-factor authentication

Hi Mak,

If you already have a Cisco ACS server there, it will be advisable to do the AAA through it [via TACACS+] and forward the user authentication [in Cisco ACS] to an external [password] database server like the RSA ACE server [via the SDI plug-in in Cisco ACS].

That is, on the ASA box implement AAA via TACACS+ [running on your Cisco ACS server] and verify the Authentication via the Cisco ACS database.

Then, in the Cisco ACS server configuration, firstly configure an external database server, via the SDI server plug-in, to forward the requests to your RSA ACE server, and then configure the required [ASA] users to verify their password on this external [password database] server.

Daniel

Re: How to make ASA use with 2-factor authentication

ASA supports additional AAA server types - kerberos, ldap, nt, radius, sdi, or tacacs+. See http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/aaa.htm#wp1053066

I have done RSA token server by using RADIUS - with ACS between, and also direct PIX-RSA.
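The two topologies from the question, sketched as ASA configuration. This is an added example, not part of the thread or of Cisco's documentation; the server-group names, the `inside` interface, the 192.0.2.x addresses and the shared key are placeholders, and the last line of each option assumes the goal is SSH administrative login.

```text
! --- Option 1: ASA <--> RSA server directly (protocol sdi) ---
! The ASA acts as an RSA agent host, so it must also be registered
! as an agent on the RSA server side.
aaa-server RSA-DIRECT protocol sdi
aaa-server RSA-DIRECT (inside) host 192.0.2.10
!
! Use the group for SSH logins to the ASA itself; LOCAL is the
! fallback used only when the server group does not respond.
aaa authentication ssh console RSA-DIRECT LOCAL

! --- Option 2: ASA <--> Cisco ACS <--> RSA server ---
! The ASA only speaks TACACS+ to ACS. ACS forwards the passcode
! check to the RSA server through its external user database
! (SDI plug-in), which is configured on ACS, not on the ASA.
aaa-server ACS-TACACS protocol tacacs+
aaa-server ACS-TACACS (inside) host 192.0.2.20
 key <shared-secret-placeholder>
!
aaa authentication ssh console ACS-TACACS LOCAL
```

Only one `aaa authentication ssh console` line is in effect at a time, so pick one option. With the LOCAL fallback present, any local account on the ASA should carry a strong password, since it becomes the single factor whenever the AAA server is unreachable.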
