Summary

This document will guide you through the steps to secure the authentication of your Cisco ASA solution with PhenixID Server, delivering two-factor authentication through the method of choice, such as SMS, SMTP, Pocket Pass, One Touch, etc.

System Requirements

• PhenixID Server installed and configured as a RADIUS server
• The Scenario will make use of RADIUS, so we need to know the port and shared secret configured on the application being secured with PhenixID Server two-factor authentication.

Instruction

Overview

This document will guide you through the configuration steps to integrate two-factor authentication against Cisco ASA.

Login to PhenixID Administration Portal

We will use one of the scenarios included in the administration portal.
Open a browser and go to https://PhenixidServerIP:8443/config/.
Use the administrator id and password set during installation to login.

Configure PhenixID Server

Configure PhenixID Server for the desired method/methods using the different RADIUS Scenarios in the Administration portal. More information can be found here:
PhenixID Documentation

Configure Cisco ASA  to use PhenixID Server for two-factor

1 – Start Cisco ASA device manager.
2 – Browse to Configuration, Remote Access VPN, AAA/Local Users, AAA Server Groups and click Add.

3 – Enter a Server Group name, in this example OTPserver, select RADIUS as Protocol and click OK.

4 – Add new radius server to the RADIUS group, select the newly created OTPServer Server Group and click on Add.

5 – Configure Radius Server by setting the Interface name, IP address to OTPserver and the pre-shared key (shared secret) between PhenixID Server and Cisco ASA. Ensure that the RADIUS port is the same as configured on PhenixID Server.
NOTE:Make sure that PAP is set as protocol, if the choice is given.

We have now configured a group ”OTPserver” and defined a Radius Server in this group. This group can now be used as an authentication method.