This document describes a scenario in which user is trying ASA to authenticate Anyconnect users with Phonefactor authentication.
IOS V 8.2(1)
In an existing setup user wants that his/her ASA should authenticate Anyconnect users by using Phonefactor authentication.
User need to do following 2 jobs:
Configure ASA for RADIUS
1. Go to file management:
2. Select "Between local PC and Flash.
3. Select the image from your local folder and move it to "disk:0":
4. Finally, define the ASDM image:
5. Quit the active ASDM instance and connect again.
ASA and Phonefactor
For this user need to configure the ASA to send a RADIUS request to PhoneFactor, user have to set the RADIUS timeout there as well so that the ASA doesn't time out waiting for a response from PhoneFactor. So, both the ASA and the AnyConnect client need to have a enough time out for the call to take place and get a response.
By default, AnyConnect waits up to 12 seconds for an authentication from the ASA before terminating the connection attempt. user can modify this value in the XML profile as following: