Cisco ASA AnyConnect VPN Integration
Hijacked user credentials expose accounts to unauthorized access. The SecTrail verification server adds further authentication steps to address this risk.
In this article, you can find information about two-factor authentication via single-use passwords (SMS, email, soft OTP) for Cisco ASA AnyConnect VPN using SecTrail.
2FA Authentication Process for Cisco ASA AnyConnect VPN
- Credentials are entered on the login screen of Cisco AnyConnect VPN.
- Cisco AnyConnect VPN sends the username and password to the SecTrail server in a RADIUS request.
- SecTrail authenticates the user (using Active Directory, Database, etc.) and sends a RADIUS response to Cisco AnyConnect VPN. If the authentication is successful, SecTrail sends a one-time password via SMS or email to the address obtained from the user information in the database (AD, LDAP, Local). An external SMS proxy or email server is used during the sending phase. If a Software Key (SoftOTP) is used, the password is generated by the SecTrail Authenticator mobile application.
- If the response is successful, Cisco AnyConnect VPN presents the user with the second screen.
- The user enters the one-time password sent by SecTrail via SMS or email, or generated by the SecTrail Authenticator mobile application.
- Cisco AnyConnect VPN sends the one-time password to SecTrail via a RADIUS request.
- SecTrail verifies the one-time password and sends the response to Cisco AnyConnect VPN through RADIUS.
- If the response is successful, Cisco AnyConnect VPN allows user access and starts the session.
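The server side of the exchange above, as an added example that is not SecTrail's code. It assumes the second screen is driven by a RADIUS Access-Challenge carrying a State attribute (RFC 2865), which the page does not specify; the class name, user table, OTP lifetime and attempt limit are hypothetical.

```python
import hmac, secrets, time

USERS = {"alice": "correct horse"}  # constructed stand-in for the AD/LDAP/local lookup
OTP_TTL, MAX_TRIES = 120, 3         # assumed policy values, not from the page
class TwoStepAuth:
    """Server side of the flow: password -> Access-Challenge -> OTP -> Access-Accept."""
    def __init__(self, send_otp, now=time.time):
        self.send_otp, self.now = send_otp, now
        self.pending = {}  # State value -> [username, otp, expiry, tries_left]

    def access_request(self, username, secret, state=None):
        # No State attribute: first screen (password). With State: second screen (OTP).
        if state is None:
            return self._first_factor(username, secret)
        return self._second_factor(username, secret, state)

    def _first_factor(self, username, password):
        stored = USERS.get(username)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return ("Access-Reject", None)
        otp = f"{secrets.randbelow(10**6):06d}"
        state = secrets.token_hex(16)  # unguessable handle binding step 2 to step 1
        self.pending[state] = [username, otp, self.now() + OTP_TTL, MAX_TRIES]
        self.send_otp(username, otp)   # SMS/email delivery happens out of band
        return ("Access-Challenge", state)

    def _second_factor(self, username, otp, state):
        entry = self.pending.get(state)
        if entry is None or entry[0] != username or self.now() > entry[2]:
            self.pending.pop(state, None)  # unknown, mismatched or expired challenge
            return ("Access-Reject", None)
        if hmac.compare_digest(entry[1].encode(), otp.encode()):
            del self.pending[state]        # single use: a replayed OTP finds no entry
            return ("Access-Accept", None)
        entry[3] -= 1
        if entry[3] <= 0:
            del self.pending[state]        # too many wrong codes: challenge is void
        return ("Access-Reject", None)

def demo():
    outbox = {}  # stands in for the SMS/email gateway
    srv = TwoStepAuth(lambda user, otp: outbox.update({user: otp}))
    step1, state = srv.access_request("alice", "correct horse")
    step2, _ = srv.access_request("alice", outbox["alice"], state)
    replay, _ = srv.access_request("alice", outbox["alice"], state)
    return step1, step2, replay

if __name__ == "__main__":
    print(demo())
```

Running it prints the three replies in order: the challenge after a valid password, the accept after the correct one-time password, and the reject when the same password is replayed.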
Mobile Application Support
To use SoftOTP, generate your one-time passwords with the SecTrail Authenticator mobile application.
You can download the SecTrail Authenticator application to your mobile device from the Apple App Store or Google Play Store.