Several protocols on ASA single multifactor authentication?

We currently use the AnyConnect client combined with SecurID from RSA to multifactor authentication for Windows laptops.

We plan to do some portable computers that do not support the software AnyConnect (for example Chromebooks).

Chromebook supports VPN using L2TP/IPsec + preshared key or certificate of the user and their user ID and static password.  There is no user interface provided type of token and SecurID PIN code so SecurID is not supported.

If the native VPN client connection was combined with something like Microsoft Phonefactor Azure Multifactor authentication or Duosecurity operating RADIUS, it would via automated phone call multifactor authentication, SMS or a smartphone app, and the device of Chromebook end user has no need to 'support' directly from this authentication happens on the main server.  All the user needs is the pre-shared key, or name of certificate and username, password and access to their phone.  They connect with their user name and password and then get an automated phone call or text they need to answer to until authentication is allowed.

Can RSA SecurID and multifactorial authentication Azure times be supported in the same time, so AnyConnect use RSA and users without AnyConnect use Azure?

You should be able to do it with different connection profiles, each with their own primary and secondary authentication method.

A (unique) given profile can use only one set of primary and secondary authentication methods.

Either by the way, I used the Duosecurity solution for remote access to a VPN client and thought it was very well done.

Tags: Cisco Security

Similar Questions

  • Photosmart Premium C310a impossible to scan several files into a single file.

    I often send documents several pages by e-mail, and I can't seem to get all pages of the document 1 in 1 file with the C310a. I don't know if it's the printer or HP Solution Center software. I've used both the scan function on the printer and the HP Solution Center and I'm still not able to scan a document of several pages in a single file. Is it still possible more?

    I use Windows 7 64-bit.  I have to do with HP director on my pcs 2355 printer, by simply choosing the more option to check after each page.

    Try again with the steps indicated by the user ScottBrown2011

    * Thanks to this original post by ScottBrown2011 - http://bit.ly/HPscan2011

    I hope that these steps will help you

    * Click the stars KUDOS to say thanks

    * also click on the Solution button if your question is answered.

  • HP Officejet 6500 a how to scan a document with several pages in a single file?

    HP Officejet 6500 a Plus e-All-in-One - E710n

    Windows 7 (64-bit)

    How to scan a document with several pages in a single file?  After each scan, my old printer (psc 2110) asked if I wanted to scan another page.  In the end, I got a PDF with multiple pages.

    This new creates a file for each page, and I can't find a way to create a PDF with multiple pages.

    Hi mpw101,

    You must press the Add/Remove button, to add pages additionla scanned to the existing file. If you do not see this button try decreasing the analysis DPI setting. Let me know if this helps you?

  • HP3545: How to scan document of several pages in a SINGLE PDF file

    Hello
    I recently bought HP3545 AIO printer. I am not able to scan document of several pages in a SINGLE PDF file.
    Help, please.
    ... Reddij

    Hello Reddij,

    Welcome to the HP Forums!

    I understand that you are unable to scan multiple documents in a single file. I'll do my best to help you and to solve this problem. First of all, I need to know what your operating system on your computer? Click here to discover: Windows or Mac?

    I would recommend performing this step of your computer, the HP software. It is much easier to achieve. Please follow this document HP How to digitize. Click on your appropriate operating system, and then click "how to scan multiple pages into a single file. You will notice indicates: (digitization of additional pages is supported at 300 dpi or less.)

    1. Place a document on the scanner glass, and then click Scan your computer.
    2. When the preview scan appears, click the Plus sign ( ) on the left side of the window to scan additional pages. If you do not use an ADF, you must load the next page of the document on the glass of the scanner to add to each additional page.

    I would like to know how your progress. Impatience on your part.

  • Scanning documents from several pages in a single file

    I have a PC HP and attempt at analysis of a document of several pages in a single file of my all-in-one HP Photosmart 5520 but had no chance.  I can't currently is scan each page separately, but not what I need.  What Miss me?  Thank you.

    Hello

    A plus sign (+), not x. Anyway, if you wish, you can use the following product:

    http://www.PDFSam.org/download/

    This free product allows you to divide a large file to many small files (such as the extraction of the chapters of a thick book) and also merge several pdf files into a pdf file.

    Kind regards.

  • Assign several handlers to a single user in Captivate premium

    Is it possible to assign several handlers to a single user in Captivate premium?

    I have a group of users, where I need 3 managers to have access to a group of users (all 3 managers are educators of customer).

    I want to know if I can add three (separated by commas) Manager ID in the CSV download, or if I can perform this action in the user interface of the first, once users have been downloaded.

    Thanks in advance.

    Hello

    We cannot assign several handlers to a user.

    If we add a comma with the Manager separate ID to will gives us the error when loading the CSV.

    Here is the screenshot for the same thing.

    Thank you

  • Several links in the single column

    Hello

    I have a requirement to display several links in the single column.

    Example:

    Select emp_name emp #, total_days days, col3, col4 from table

    Here, I need to display a link beside the example of days

    If day > 100 then display "101 CH" where 101 days value and CH is the URL link which will open a popup page. I can't have another column for the link that we have already several columns. So I need a way to display the link with the value next to him. How can I achieve this?

    try to put it in the source of the region

    Select emp_name, emp #,.

    -case when days > 100 then days | " http://Google.com" target = "_blank" > popup' another to_char (days) end total_days, "

    col3, col4 from table;

    This should display "101 popup" when the days more than 100, no popup link on days<= 100="" e,g="" "99"="">

    and the value of the column total_days to the "Reporting Standard column" to allow html tags.

    Change the href attribute and formatting to meet your requirement

  • How to combine several PDF in a single

    I can't find out how to combine several PDF in a single document with Illustrator.

    Help, please!

    Brooke,

    It depends on your version.

    In older versions (one page PDF), you can

  • I have adobe reader xi and can not find the "create button" in order to combine several files into a single pdf

    I have adobe reader xi and can not find the "create button" in order to combine several files into a single pdf

    Hello

    Reader is software to view PDF' only.

    You must either a pack PDF to perform the function of thin or Acrobat.

    Reader is not the software to perform editing functions.

    Concerning

    Sukrit diallo

  • How can I combine several PDF in a single document

    How can I combine several PDF in a single document

    Hi teekbe143:

    Please visit: http://www.adobe.com/content/dam/Adobe/en/products/acrobat/pdfs/adobe-acrobat-xi-merge-pdf-fichiers-tutoriel-ue.pdf

  • Need for the sql query to have several columns in a single coulumn

    Hi all

    I need create the query to have several columns in a single column with several lines.

    Select a.customer_trx_id, a.previous_customer_trx_id
    of ra_customer_trx_all one
    where a.customer_trx_id =: customer_trx_id

    Here, a.customer_trx_id and a.previous_customer_trx_id are in two columns. I need to put them in a single column.

    Say: the foregoing is output
    --------------------------------------------------------------------------------
    a.customer_trx_id a.previous_customer_trx_id

    --------------------------------------------------------------------------------
    123456 87654

    --------------------------------------------------------------------------------

    Need for a single column

    As


    --------------------------------------------------------------------------------
    123456
    87654

    --------------------------------------------------------------------------------

    Please do the needful. Please note that it is not the UNION.

    Thank you
    Abdul

    Hello

    You want a way to confirm that what looks like two rows is really a line?

    Here are three ways:

    (1) count the lines:

    WITH  my_original_querry     AS
    (
         select  a.customer_trx_id || CHR(13)
                          || a.previous_customer_trx_id     as id
         from      ra_customer_trx_all     a
         where      a.customer_trx_id      = 274881
    )
    SELECT     COUNT (*)
    FROM     my_original_query;
    

    (2) in SQL * Plus, have SQL * more count them for you:

    SET     FEEDBACK     1
    
    select  a.customer_trx_id || CHR(13)
                     || a.previous_customer_trx_id     as id
    from      ra_customer_trx_all     a
    where      a.customer_trx_id      = 274881;
    

    (3) implicitly count them with the ROWNUM Pseudo-column

    select  a.customer_trx_id || CHR(13)
                     || a.previous_customer_trx_id     as id
    ,     ROWNUM
    from      ra_customer_trx_all     a
    where      a.customer_trx_id      = 274881;
    
  • Activation of the NAC HA puts several hosts and ASA with processor clocked at 100%

    I installed a NAC Manager and a NAC server in OOB without any problems, but when I configured the AP (high availability) with another server, my ASA and several guests in my network started work ant 100% of the cpu.

    I tried to configure each interface of the NAC on a single DMZ and the problem stops there.

    -That someone had this problem (NAC version 4.7)

    TKX

    Miguel Amaral

    Hello Miguel.

    When I started a NAC InBand HA solution I had a similar problem that I solved the heart rate HA configuration to use ETH0 just instead use ETH0 and ETH1.

    Best regards

    Luciano Carvalho

  • ASA SSLVPN trustpoints authentication certificate

    Hello

    I have an Asa with a few set up Trustpoints. How can I allow only the client certificates to a trustpoint in a tunnel-group? I've seen client-side settings as a profile connection or certificate-cards, but they don't stop with the right certificate authentications.

    Could I send the client certificate to a RADIUS as with dot1x and check on the authentication server?

    Hi Marcel,.

    First of all, you can use certificate-card on the SAA for a new SSL session link to the connection profile desired.

    However as you said, the ASA will validate a certificate issued by a certification authority (the one for which you have the certification authority in a trustpoint), providing it is indeed valid and optional check CRL alright.

    If for some reason you have a scenario where you want to deny access SSLVPN to users who have a valid certificate issued by a given CA, you can use the card-certificate to bind these new SSL sessions to a "dead end" connection profile that has the maximum session set to 0:

    Example config:

    ! first set the group policy and profile to catch these sessions that should not have access:

    internal DeadEnd_GP group strategy

    attributes of Group Policy DeadEnd_GP

    VPN - concurrent connections 0

    client ssl-VPN-tunnel-Protocol

    remote access to tunnel-group DeadEnd type

    tunnel-group DeadEnd General attributes

    Group Policy - by default-DeadEnd_GP

    tunnel-group DeadEnd webvpn-attributes

    authentication certificate

    ! Then, set the criteria of certificate card, mapping of certificates to a 'good' profile:

    Crypto ca certificate card mycertmap 10

    name of the issuer attr cn eq myIssuer

    Crypto ca certificate card mycertmap 20

    ! This rule is a rule of 'catch-all '.

    ! Finally, define the mapping in the section overall webvpn:

    WebVPN

    Certificate-Group-map mycertmap 10 myProfile1

    Certificate-Group-map mycertmap 20 DeadEnd-profile

    --

    Note that:

    1. in the configuration of certificate card, your ASA will request certificates for SSL connections client-side. If you also have AAA only authenticated profiles, maybe that's a problem - I'm not sure it will work 100% ok, I would need to test.

    2. If you use ASDM, you will find the definition of certificate card in the menu

    Setup > remote access VPN > advanced > certificate Anyconnect and Clientess SSL VPN connection profile cards

    ===

    Secondly, on the use of RADIUS - it is not possible to send the certificate itself to RADIUS (AFAIK), but you can use Radius authorization as an extra step after the validation of the certificate.

    The ASA will extract everything first a username of the client certificate subject name - it is configurable, and can even be in Lua script.

    A Radius access request is sent to extract username - then you will probably need the user to exist on the Radius server.

    In ASDM, you will find this configuration by the connection profile, in advanced, subsection authorization of editing connection profile.

    You may be interested in research in this guide explaining a use case where this authority has been used to allow only certain users who have had a certificate from a national public key infrastructure:

    http://www.Cisco.com/en/us/products/ps6120/products_tech_note09186a00808e00ec.shtml

    In step 6, point L, the authorization is configured.

    It's a pretty old guide remains real, you will see that it uses the LOCAL server for authorization, but apart from that it's the same principle.

    ===

    I hope this helps, please let us know.

    See you soon,.

    Chris

  • Renaming of documents by adding an annex of the commune for the names of existing files on several files in a single folder

    Is it possible to add an annex to the town (for example "-file BL ') existing file name (for example"daily reports1) to several (selected) files in the same folder?  (The example given could therefore be renamed "daily reports - comes from the BL file").  I need to do this to identify the source of documents folder when they are copied into a common folder: to compare with the similar files in other folders for various purposes.  There are a lot of documents in many files, I need to transfer and compare.  A rough estimate, it is that I need to add an annex to the town of 200 files named differently in a single folder and repeat this process for 30 files: with my existing knowledge of XP, this means that I would have use the rename individually on 6000 documents, and if the additional annex has been say 5 characters which would be a minimum of 30 000 key strokes : If adding appendages common to several document names selected in a folder is possible, this might reduce the name change to close to 150 list.

    PLEASE NOTE the multiple rename function where each selected file is the same thing with a renamed after the index number in brackets should not be - the original file name should be kept.

    Hello

    Refer to the link below and check if this may help:http://social.msdn.microsoft.com/Forums/en-US/sqlintegrationservices/thread/1b0deaf4-8416-4e03-aa9c-e3ce1259866b

    With regard to:

    Samhrutha G S - Microsoft technical support.

    Visit our Microsoft answers feedback Forum and let us know what you think.

  • Cisco ASA, RDP plugin authentication

    Hello

    I installed an ASA 5505 (8.0.3) with WEBVPN. I managed to do all this work with SSO (Single Sign On) with the exception of the rdp session terminal. OWA, sharepoint, filebrowsing, SSO is no problem, but I don't seem to make it work with RDP. Somehow it does not translate the rdp session variables. I use CSCO_WEBVPN_USERNAME and CSCO_WEBVPN_PASSORD, but they appear just like that in the name of user and password field. Is it possible to do SSO works for RDP?

    Ofwegen, just to let you know that I do not use a server single signon, auto just signon, and I got it works with the rdp plugin by editing the bookmarks to have the "csco_sso = 1" option in there:

    RDP://myterminalserver/?csco_sso=1

    This works for RDP and ICA plugins.

Maybe you are looking for

  • Merge missing drive

    Factory restore process, I did a 'erase' drive and then reinstalling the operating system (such as you are supposed to do). But now, the fuser unit is missing. Well, it is listed as a Fusion Drive to 1.02, but you cannot select it for the OS reinstal

  • newbie on a vi Lottery question

    I was through the forum and found a few ways to do this, but I have a problem of table: I put mine to generate five initials and door numbers upward award-winning "powerball", but my question is how can I get the table five to see each number in anot

  • I got: "STOP: 0x0000007B when you try to install Windows XP.»

    I want to install windows xp on my computer Hello, I have a toshiba L755D-S5204, I have win 7 on it, but I want to install win xp and I can not install win xp on it... i received: "STOP: 0x0000007B (0xF78D2524, 0 x 0000034, 0x00000000, 0x00000000)",

  • I have a Dell dimension running XP and IE8 will not respond

    I have a Dell Dimension 4500 XP pro and IE8 will not respond.When I click it it flashes up on top of the screen and disappears. To this effect, I can't watch the updates from Microsoft. Any ideas, anyone please? Delete.

  • Configuration of WRH54G in the India to accept the user name and password to go online

    I have router WRH54G and my ISP requires me to give the username and password to go online. How do I alter my router to enable this? Thanks in advance for the help Ravi