Multiple login for Remote Access, Cisco VPN and Windows Terminal service

leonleong · ‎10-18-2005

I have a problem. My users have to authenticate 3x times when they access my network. When the user dial-in (AS5350), they authenticate once. After which when they invoke Cisco VPN client (VPN 3020 conncentrator), they authenticate again. After which, when they access the Intranet Application, they authenticate the thrid time when they invoke Microsoft Terminal Services Client. The main problem is that my users are authenticate three times via RSA SecureID (two-factor authentication). Is there any ways to authenticate my users only twice? That is to merge the VPN client & dial-in with the RSA SecureID?

pradeepde · ‎10-24-2005

May I know if this authentication is done via an acs server(RADIUS/TACACS+) or via the vpn concentrator internal database?.If you are using different authentication source for each login(dial-in and vpn client), then u cant skip this 2 authentications.

I think, if both dial-in and vpn concentrator access are both authenticated and authorized via a same source(Ex:a RADIUS SERVER), then you can merge the 2 authenticastions using proper configuration command in the vpn concentrator.

leonleong · ‎10-24-2005

The current authentication is done via RADIUS. I will be tearing down the RADIUS soon. I am thinking of using the RSA SecureID as my authentication mechanism instead.