Remote VPN - two-factor authentication with Cisco ASA + OpenLDAP

Dear community!

Can somebody give me a pathway (or link to the documentation / how to) to implement two-factor authentication using LDAP username+password AND CERTIFICATE?

To be honest, 'certificates' is a new topic for me, so I do not clearly understand how I could implement 2-factor authentication using them. Currently our Cisco ASA (5505, 8.4.3) is configured for password authentication using an OpenLDAP server (see the configuration attached). We use Remote VPN with the AnyConnect Client (SSL VPN), and I would like to add certificates to the authentication process. As I have understood, I need to create a CA server to create, manage and verify user certificates. (We are not going to use an external trustpoint; self-signed certificates are also enough for our security level.)

Can I create a CA server on the ASA, but without a local user database (still using LDAP to identify users)? Where can I find a guide for it (using the CLI is preferable)? If not, how can I set up such a server with users from LDAP?

Thank you very much in advance,


