Remote VPN - two-factor authentication with Cisco ASA + OpenLDAP
Can somebody give me a pathway (or link to the documentation / how to) to implement two-factor authentication using LDAP username+password AND CERTIFICATE?
To be honest, 'certificates' is a new topic for me, so I do not clearly understand how I could implement 2-factor authentication using them. Currently our Cisco ASA (5505, 8.4.3) is configured for password authentication using an OpenLDAP server (see the configuration attached). We use RemoteVPN with AnyConnect Client (SSL VPN). And I would like to add certificates into the authentication process. As I have understood, I need to create a CA Server to create, manage and verify user certificates. (We are not going to use an external trustpoint; self-signed certificates are also enough for our security level.)
Can I create a CA Server on the ASA, but without a local user database (still using LDAP to identify users)? Where can I find a guide for it (using the CLI is preferable)? If not, how can I set up such a server with users from LDAP?