Cisco Support Community
New Member

rsa authentication

Hi,

Is it possible for the Cisco ASA to support RSA second-factor authentication for server access?

i.e., the servers will be accessed from certain network segments, after the first-level username-password prompt, and upon user input of these credentials, the ASA should prompt again for a second authentication.

Will the ASA prompt for this second authentication?

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

For non-VPN through traffic the ASA supports something known as "aaa authentication match" method. I've not used it personally, only learned about it in CCNP Security material but there is a nice TAC tech note on it here:

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080ba6110.shtml

You should be able to use that with the authentication source (aaa server) being RSA.
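
A minimal sketch of the "aaa authentication match" (cut-through proxy) setup described in the answer above, with an RSA server as the AAA source. This is an added example, not configuration from the thread or the linked tech note; the server tag `RSA_SDI`, the ACL name `ADMIN_AUTH`, the interface names `inside` and `admin`, and all addresses (documentation ranges) are assumptions.

```text
! Added example: every name and address below is constructed for illustration.

! RSA Authentication Manager reached over the native SDI protocol,
! assumed to sit behind the interface named "inside"
aaa-server RSA_SDI protocol sdi
aaa-server RSA_SDI (inside) host 192.0.2.10

! Traffic that must authenticate: admin segment -> server segment.
! The ASA can only prompt in-band for HTTP, HTTPS, FTP and Telnet,
! so SSH sessions need a prior login to a virtual Telnet address.
access-list ADMIN_AUTH extended permit tcp 198.51.100.0 255.255.255.0 203.0.113.0 255.255.255.0 eq ssh
access-list ADMIN_AUTH extended permit tcp 198.51.100.0 255.255.255.0 host 203.0.113.250 eq telnet

! Require authentication against the RSA server for matching traffic
! arriving on the interface named "admin"
aaa authentication match ADMIN_AUTH admin RSA_SDI

! Virtual Telnet address the admin logs in to first (username + RSA passcode)
virtual telnet 203.0.113.250

! Bound how long a successful authentication stays cached
timeout uauth 0:30:00 absolute
```

The ASA caches a successful authentication per source IP address, so every user behind a shared jump host or NAT address inherits it until the uauth timer expires; `show uauth` lists the cached entries.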

3 REPLIES
Hall of Fame Super Silver

Yes the ASA supports two factor (or more accurately in this case, dual method) authentication. Assuming this is for a remote access VPN, when editing your AnyConnect Connection profile, there is an option under the advanced menu to enable a secondary authentication method.

I believe RSA might insist on being the first method according to one other post I have seen but it can definitely be one of the two methods.

See screenshot below (click to enlarge):

New Member

Appreciate your reply Marvin, thanks.

This is not exactly for remote VPN, but this is more for server access.

A few servers are connected behind the firewall; admins access these servers for terminal services like SSH etc.

We want the ASA to prompt for second authentication (RSA) when admins access these servers from network portion.

Please help with inputs.
