This document will guide you through the steps to secure the authentication of your Cisco ASA solution with PhenixID Server, delivering two-factor authentication through the method of choice, such as SMS, SMTP, Pocket Pass, One Touch, etc.
- PhenixID Server installed and configured as a RADIUS server
- The Scenario will make use of RADIUS, so we need to know the port and shared secret configured on the application being secured with PhenixID Server two-factor authentication.
This document will guide you through the configuration steps to integrate two-factor authentication against Cisco ASA.
Login to PhenixID Administration Portal
We will use one of the scenarios included in the administration portal.
Open a browser and go to https://PhenixidServerIP:8443/config/.
Use the administrator id and password set during installation to login.
Configure PhenixID Server
Configure PhenixID Server for the desired method/methods using the different RADIUS Scenarios in the Administration portal. More information can be found here:
Configure Cisco ASA to use PhenixID Server for two-factor
1 – Start Cisco ASA device manager.
2 – Browse to Configuration, Remote Access VPN, AAA/Local Users, AAA Server Groups and click Add.
3 – Enter a Server Group name, in this example OTPserver, select RADIUS as Protocol and click OK.
4 – Add new radius server to the RADIUS group, select the newly created OTPServer Server Group and click on Add.
5 – Configure Radius Server by setting the Interface name, IP address to OTPserver and the pre-shared key (shared secret) between PhenixID Server and Cisco ASA. Ensure that the RADIUS port is the same as configured on PhenixID Server.
NOTE:Make sure that PAP is set as protocol, if the choice is given.
We have now configured a group ”OTPserver” and defined a Radius Server in this group. This group can now be used as an authentication method.
DISCLAIMERInformation provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.
The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.
PhenixID - support.phenixid.se