Configuring Cisco ASA VPN for PingID MFA - PingID

PingID Administration Guide

bundle
pingid
ft:publication_title
PingID Administration Guide
Product_Version_ce
PingID
category
ContentType
Product
Productdocumentation
pingid
ContentType_ce
Product documentation

Configure Cisco ASA VPN to work with PingID multi-factor authentication (MFA).

Configure the necessary settings in PingOne and PingFederate.

Configuring Cisco ASA for MFA involves the following steps:

  • Adding an AAA server group
  • Adding a Radius PCV server configuration
  • One or both of the following steps:
    • Configuring a clientless SSL VPN
    • Configuring the network client profile

The following video describes the configuration process for your Cisco ASA VPN.

  1. In the Cisco ASDM client, create an AAA Server Group to manage the security required for the RADIUS PCV Server configuration.
    1. In the Cisco ASDM client, click Configuration, and then click Remote Access VPN.
      A screen capture of the Configuration tab in the Cisco ASDM client.
    2. In the Remote Access VPN navigation tree, go to AAA/Local Users > AAA Server Groups.
      A screen capture of the Remote Access VPN navigation tree in the Cisco ASDM client. The AAA/Local User and AAS Server Groups sections are highlighted.
    3. In the AAA Server Groups pane, click Add.
      A screen capture of the AAA Server Groups pane in the Cisco ASDM client. A red rectangle highlights the Add button near the top right corner.
      The Add AAA Server Group dialog box opens.
      A screen capture of the Add AAA Server Group dialog box in the Cisco ASDM client.
    4. Enter values for the following parameters:
      • AAA Server Group: Enter the new server group name.
      • Protocol: Select the RADIUS protocol.
      • Accept the default values for all other fields, as shown in the AAA Server Group dialog box.
    5. Click OK.
  2. Add a new RADIUS PCV server configuration to the server group that you just created.
    1. In the AAA Server Groups pane, from the Server Group list, double-click the server group that you created in the previous step.