Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Two factor authentication with CISCO ASA and LoginTC

We bought and installed a CISCO ASA device for the office to create a  VPN network to protect access to internal applications and our intranet portal. However, we wanted to ensure the access control was secured with two-factor authentication - and we did it!

We used LoginTC to protect the CISCO ASA remote access sessions. We have posted a doc page on how to do the whole thing at:

https://www.logintc.com/docs/connectors/cisco-asa.html

You can get LoginTC for free for under 50 users...


Thanks CISCO ASA team for a great product and superb documentation...

1 REPLY
New Member

Our organization too just

Our organization too just deployed LoginTC. I think it's a great product for the price and very easy to setup. If your group is a large ISE environment you will find some challenges

with using LoginTC. In most ISE environments you will point your VPN appliance directly at your internal ISE so you can capture the RADIUS attributes. These attributes can then be used to build very granular policies based on posture etc.  The problem with LoginTC is the above URL outlines pointing your VPN appliance directly to the internal LoginTC box first and then send a RADIUS request to ISE or other AD integrated AAA platform.

We have had a number of problems trying to use our ISE as originally intended for VPN along with LogonTC. The problem is getting ISE to make a "AND" RADIUS call to LoginTC after say an internal AD group has been queered. The CyberCor team said they were working to pass the same RADIUS attributes to ISE from the LoginTC box as ISE does natively but we have not seen that as of yet.

267
Views
0
Helpful
1
Replies
CreatePlease login to create content