Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
581
Views
0
Helpful
1
Replies

Two factor authentication with CISCO ASA and LoginTC

hernan.matute
Level 1
Level 1

‎07-02-2013 06:55 PM

We bought and installed a CISCO ASA device for the office to create a  VPN network to protect access to internal applications and our intranet portal. However, we wanted to ensure the access control was secured with two-factor authentication - and we did it!

We used LoginTC to protect the CISCO ASA remote access sessions. We have posted a doc page on how to do the whole thing at:

https://www.logintc.com/docs/connectors/cisco-asa.html

You can get LoginTC for free for under 50 users...


Thanks CISCO ASA team for a great product and superb documentation...

1 person had this problem
Labels:
0 Helpful
1 Reply 1

jaycambern
Level 1
Level 1

‎01-29-2016 10:56 AM

Our organization too just deployed LoginTC. I think it's a great product for the price and very easy to setup. If your group is a large ISE environment you will find some challenges

with using LoginTC. In most ISE environments you will point your VPN appliance directly at your internal ISE so you can capture the RADIUS attributes. These attributes can then be used to build very granular policies based on posture etc.  The problem with LoginTC is the above URL outlines pointing your VPN appliance directly to the internal LoginTC box first and then send a RADIUS request to ISE or other AD integrated AAA platform.

We have had a number of problems trying to use our ISE as originally intended for VPN along with LogonTC. The problem is getting ISE to make a "AND" RADIUS call to LoginTC after say an internal AD group has been queered. The CyberCor team said they were working to pass the same RADIUS attributes to ISE from the LoginTC box as ISE does natively but we have not seen that as of yet.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents