Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Double authentication using LDAP and RSA

Greeting all

If i`m using double authentication for my SSL VPN with LDAP as primary and RSA as secondary

does the username has to be the same inLDAP and RSA  or do i have to import users from LDAP to RSA...

how it really works ... i can`t find anything in the Config Guide of Cisco regarding double authentication

Thanks

Seif

CCIE#26440

3 REPLIES

Re: Double authentication using LDAP and RSA

Hi,

Is this authentication for VPN clients?

LDAP is only used for authorization, RSA can authenticate.

Federico.

New Member

Re: Double authentication using LDAP and RSA

Hi Federico

I`d like to keep my LDAP for authentication and add RSA for stongest password since i`m using the LDAP to map user to the correct connection profile

Any thoughts?!

Thanks for your reply

Cisco Employee

Re: Double authentication using LDAP and RSA

Hi Self,

by default when you enable double authentication the login form will have 2 username fields and 2 password fields. You can optionally configure the ASA to omit the second username field (then it will use the same username for both authentications - but I understand this is precisely the opposite of what you want so just use the default).

Alternatively (less secure but more convenient for the user) you could just use single authentication against RSA, and add LDAP authorization. The LDAP group mapping should still work and your users will only need to enter one username and (one-time) password.

hth

Herbert

607
Views
0
Helpful
3
Replies
CreatePlease login to create content