Re: Cisco 2 factor authentication

2016-06-27 Thread Ryan Gelobter
We use Phonefactor (now azure authenticator) with anyconnect vpn. It sits in front of LDAP/AD and integrates with it. It an be a PITA but it works. On Wed, Jun 22, 2016 at 3:27 AM, Ray Ludendorff wrote: > Has anyone setup two factor VPN using a Cisco ASA VPN solution? >

Re: Cisco 2 factor authentication

2016-06-26 Thread Tom Smyth
The radius protocol traffic can be encrypted with ipsec policies...if confidentiality of the radius traffic is a concern ( particularly if traversing untrusted networks) On 26 Jun 2016 3:48 a.m., "Jimmy Hess" wrote: > On Wed, Jun 22, 2016 at 9:38 PM, Chris Lawrence >

Re: Cisco 2 factor authentication

2016-06-26 Thread Alan Buxey
As per other statements of such seen elsewhere online, do you have examples or code which will allow the recovery of passwords in a radius exchange? Yes, the shared secret mechanism is widely stated as 'weak' but actively attacked? alan

Re: Cisco 2 factor authentication

2016-06-25 Thread Jimmy Hess
On Wed, Jun 22, 2016 at 9:38 PM, Chris Lawrence wrote: > Any radius based auth works well I've used a solution by secure envoy I the > past which seems to work well they also have soft token apps, hard tokens > plus SMS based. However, a cautionary note there is that

Re: Cisco 2 factor authentication

2016-06-23 Thread Peter Loron
We are in the process of rolling out Okta, including using a second factor for AnyConnect VPN. Works well. -Pete On 6/22/16, 01:27, "NANOG on behalf of Ray Ludendorff" wrote: Has anyone setup two factor VPN using a Cisco ASA VPN

Re: Cisco 2 factor authentication

2016-06-23 Thread Chris Lawrence
Any radius based auth works well I've used a solution by secure envoy I the past which seems to work well they also have soft token apps, hard tokens plus SMS based. Sent from my iPhone > On 23 Jun 2016, at 01:51, Ray Ludendorff wrote: > > Has anyone setup two factor

Cisco 2 factor authentication

2016-06-22 Thread Ray Ludendorff
Has anyone setup two factor VPN using a Cisco ASA VPN solution? What sort of soft client based dual factor authentication options were used for the Cisco VPNs (e.g. Symantec VIP, Google authenticator, Azure authenticator, RSA, etc.) I am trying to find what infrastructure is needed to come up