This implementation guide describes how to integrate Cisco ASA appliance with the DualShield unified authentication platform in order to add two-factor authentication into the IPSec VPN and SSL VPN login process.
Cisco ASA supports external RADIUS server as its authentication server. DualShield unified authentication platform includes a fully compliant RADIUS server – DualShield Radius Server. DualShield provides a wide selection of portable one-time password tokens in a variety of form factors, ranging from hardware tokens, software tokens, mobile tokens to USB tokens. These include:
- Deepnet SafeID
- Deepnet MobileID
- Deepnet GridID
- Deepnet CryptoKey
- RSA SecurID
- VASCO DigiPass Go
- OATH-compliant OTP tokens
In addition to the support of one-time password, DualShield also supports on-demand password for RADIUS authentication. The product that provides on-demand password in the DualShield platform is Deepnet T-Pass. Deepnet T-Pass is an on-demand, token-less strong authentication that delivers logon passwords via SMS texts, phone calls, twitter direct messages or email messages.
The complete solution consists of the following components:
- Cisco ASA Appliance
- DualShield Radius Server
- DualShield Authentication Server
