Multi Factor Authentication for Cisco AnyConnect: A Look Into Secure Connections


Ensuring that your users are connected securely to your VPN and that potential malicious or unwanted actors are fully locked out, is a top priority for information security personnel.

A common concern with secure connections is whether the login itself is actually secure. With Cisco AnyConnect and the LoginTC authenticator, you can guarantee that your login process is safe and secure.

The login process for Cisco AnyConnect follows a simple authentication flow:

  1. User opens their Cisco AnyConnect client, preconfigured to connect to the organization’s Cisco ASA
  2. User enters their username and password and presses Connect
  3. The Cisco ASA receives the username and password and queries the LDAP directory (e.g., Active Directory) using the LDAP bind operation
  4. The Cisco ASA establishes a secure tunnel between the user’s computer and the private network

The simple login process of Cisco AnyConnect is what attracts customers to this VPN. Logging in is a daily function that all users must undertake, and ensuring the process is as quick and painless as possible is a desirable quality of any critical digital asset or function.

Simplicity can also reduce the attack surface available to attackers. But as we know, even a simple VPN can be vulnerable to attacks, which is why we need to further secure the login process. With LoginTC, you can ensure that the login process to your Cisco AnyConnect VPN is secure without costing users significant time.

Once you’ve configured your Cisco ASA to use the LoginTC RADIUS Connector for multi-factor authentication, here’s what you can expect the login process to look like:

  1. User opens their Cisco AnyConnect client, preconfigured to connect to the organization’s Cisco ASA
  2. User enters their username and password and presses Connect
  3. The Cisco ASA receives the username and password and sends a RADIUS Access-Request packet, containing the username and password, to the LoginTC RADIUS Connector
  4. The LoginTC RADIUS Connector queries the LDAP directory (e.g., Active Directory) using the LDAP bind operation
  5. If the LDAP bind operation succeeds, the LoginTC RADIUS Connector returns a RADIUS Access-Challenge packet, containing a challenge message, to the Cisco ASA
  6. The Cisco ASA prompts the user with the challenge message (e.g., “Enter your token one-time password or 1 to continue”) and an input field to enter a challenge response
  7. The user enters their one-time password (OTP) shown on their software or hardware token or enters “1” to receive a LoginTC Push request and presses Continue
  8. The Cisco ASA sends a RADIUS Access-Request packet, containing the one-time password to the LoginTC RADIUS Connector
  9. The LoginTC RADIUS Connector validates the one-time password and returns a RADIUS Access-Accept packet to the Cisco ASA
  10. The Cisco ASA establishes a secure tunnel between the user’s computer and the private network
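The challenge-response exchange of steps 3 to 9, as an added Python example that is not LoginTC's or Cisco's code. RADIUS packets are modelled as dicts keyed by attribute name rather than encoded on the wire, the directory, token OTPs and push decision are constructed sample data, and it assumes, as RFC 2865 describes, that the ASA returns the user's challenge answer in User-Password and echoes the State attribute unchanged.

```python
import hashlib, hmac, os, time

# Constructed sample data standing in for the directory, the users' tokens and the push outcome.
DIRECTORY = {"alice": "Winter2024!"}   # username -> LDAP password
TOKEN_OTPS = {"alice": "492817"}       # username -> OTP currently shown on the token
PUSH_APPROVED = {"alice": True}        # username -> did the user approve the LoginTC Push?
STATE_KEY = os.urandom(32)             # signs the State attribute so the ASA cannot forge it
CHALLENGE = "Enter your token one-time password or 1 to continue"
STATE_MAX_AGE = 120                    # seconds a challenge stays answerable

def ldap_bind(username, password):
    """Stand-in for the LDAP simple bind of step 4: succeeds only on matching credentials."""
    return DIRECTORY.get(username) == password

def make_state(username, issued):
    """State is opaque to the ASA; the HMAC ties it to the user and the time it was issued."""
    msg = f"{username}:{issued:.0f}".encode()
    return msg + b":" + hmac.new(STATE_KEY, msg, hashlib.sha256).hexdigest().encode()

def state_is_valid(username, state, now):
    """Reject a tampered, foreign or expired State (i.e. a replayed or invented challenge)."""
    try:
        _user, issued, _tag = state.decode().split(":")
        expected = make_state(username, float(issued))
    except (ValueError, AttributeError):
        return False
    return now - float(issued) <= STATE_MAX_AGE and hmac.compare_digest(state, expected)

def handle_access_request(pkt, now=None):
    """Connector side: steps 4-5 for a request without State, step 9 for one with State."""
    now = time.time() if now is None else now
    user = pkt.get("User-Name", "")
    response = pkt.get("User-Password", "")   # RADIUS carries the challenge answer here too
    if "State" not in pkt:                    # first stage: primary credentials
        if not ldap_bind(user, response):
            return {"Code": "Access-Reject"}
        return {"Code": "Access-Challenge", "Reply-Message": CHALLENGE,
                "State": make_state(user, now)}
    if not state_is_valid(user, pkt["State"], now):   # second stage needs a live challenge
        return {"Code": "Access-Reject"}
    if response == "1":                       # user chose a LoginTC Push instead of typing an OTP
        return {"Code": "Access-Accept" if PUSH_APPROVED.get(user) else "Access-Reject"}
    if hmac.compare_digest(response, TOKEN_OTPS.get(user, "")):
        return {"Code": "Access-Accept"}
    return {"Code": "Access-Reject"}

def asa_login(username, password, second_factor, now=None):
    """Drive both Access-Requests the way the Cisco ASA does and return the final RADIUS code."""
    first = handle_access_request({"User-Name": username, "User-Password": password}, now)
    if first["Code"] != "Access-Challenge":
        return first["Code"]
    return handle_access_request({"User-Name": username, "User-Password": second_factor,
                                  "State": first["State"]}, now)["Code"]
```

Note that a request carrying only the OTP, with no password and no State, is handled as a first-stage request and fails the LDAP bind, so the second factor never substitutes for the first.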

Even though signing in with Cisco AnyConnect multi-factor authentication is a slightly longer process, it still proves efficient and simple enough that it doesn't compromise a user's time or ability to log in. LoginTC made it simple for any user to log in while providing the secure connection that users look for.

Having a secure connection doesn't have to be difficult. A user should not have to sacrifice efficiency for security. There's a way to have both, and LoginTC's multi-factor authentication solution solves this problem.
