Two factor authentication with CISCO ASA and LoginTC
We bought and installed a CISCO ASA device for the office to create a VPN network to protect access to internal applications and our intranet portal. However, we wanted to ensure the access control was secured with two-factor authentication - and we did it!
We used LoginTC to protect the CISCO ASA remote access sessions. We have posted a doc page on how to do the whole thing at:
Our organization too just deployed LoginTC. I think it's a great product for the price and very easy to set up. If your group is a large ISE environment you will find some challenges with using LoginTC. In most ISE environments you will point your VPN appliance directly at your internal ISE so you can capture the RADIUS attributes. These attributes can then be used to build very granular policies based on posture etc. The problem with LoginTC is that the above URL outlines pointing your VPN appliance directly to the internal LoginTC box first and then sending a RADIUS request to ISE or other AD integrated AAA platform.
We have had a number of problems trying to use our ISE as originally intended for VPN along with LoginTC. The problem is getting ISE to make an "AND" RADIUS call to LoginTC after, say, an internal AD group has been queried. The CyberCor team said they were working to pass the same RADIUS attributes to ISE from the LoginTC box as ISE does natively, but we have not seen that as of yet.