Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Two factor authentication using LDAP with AD and SMS on Cisco ASA 8.2.3

Dear Cisco,

we are using Cisco ASA 8.2.3 as RAS solution for our customers. Different kind of authentication mechanisms are already deployed yet.

Now we want to use two factor authentication, where first, user needs to be verified by AD (by secure LDAP) and secondly, user needs to be verified by SMS passcode to SMS text messaging server.

We already created a separate DAP, separate Anyconnect Connection profile, separate Group Policy and separate customization page for this.

I know ASA supports this functionality but when configuring authentication server group and secondary authentication server group together you will have to fill in credentials for both on the Logon page. This is not what we want. We want users to fill in credentials for AD on Logon screen and after this user should receive SMS text message and get (pop-up) second login screen where he can enter the SMS passcode. Then logon process is completed and he should get RAS portal page.

When we test using only primary authentication AD by secure LDAP connection functions. When enabling secondary authentication you have to fill in credentials also on first logon page (instead of second logon page we would like to have). Also then, customer does not see any requests coming in on SMS text message server.

How do we need to configure the RAS environment so that it functions the way we want to?

Kind regards,

Lars Hanssen

  • VPN
New Member

Two factor authentication using LDAP with AD and SMS on Cisco AS

Hi Lars,

If you are using SMS PASSCODE, go to  and ask them to send you the setup guide or walk you through the configuration.

Kind Regards

Lars (@smspasscode).

This widget could not be displayed.