Cisco Anyconnect 2FA

Muenz, Michael m.muenz at spam-fetish.org
Sat Jan 7 12:08:17 CET 2017


On 05.01.2017 at 23:52, Stefan Schlesinger wrote:
> Hi,
>
> we are trying to implement 2FA for Cisco ASA Anyconnect VPN clients.
>
> The ASA supports a “secondary password” input, so the dialog asks for a username, a password and another password. The ASA is going to fire off an Access-Request for each of the passwords. The first one with the user's password and, if successful, a subsequent request, which should contain the one-time authentication token.
>
> We couldn’t figure out yet how to authenticate the subsequent request against a different authentication module, especially because they both look the same, besides the Request Id.
>
> Can anyone help out how to handle the latter different from the first request in an unlang config?
>
Do you really want to use the secondary password option?
I'd rather use a real 2FA system like privacyIDEA which uses FreeRadius.

Michael


More information about the Freeradius-Users mailing list