Wednesday, November 4, 2020

VPN setup with 2FA

Hi everyone,

Recently, I've been tasked with setting up a VPN connection with 2FA for a customer with at least 50 users. They used to be just using SSL VPN, which was accomplished simply by setting up a VPN profile in a Cisco ASA 5520, and using Cisco AnyConnect client to establish the connection.

I don't have any experience with setting up 2FA, so I am kind of looking around for solutions.

Our first solution was to buy a FortiGate 101E, using FortiClient VPN software, and buying FortiTokens for 2FA. Kind of fuss free, but one of the most pricey solutions.

Second solution was to use an existing Cisco ASA, using Cisco AnyConnect, and setting up an Ubuntu Server installed with FreeRADIUS, and using Google Authenticator App for 2FA. Literally free solution but requires a lot more setup and research.

Third solution is to buy a FortiGate 101E, and consult with a third party vendor to assist with the 2FA setup. They have their own 2FA mobile app and RADIUS server. Based on what they said, FortiClient VPN is not able to use their mobile 2FA app, since it does not support RADIUS authentication. Will have to use OpenVPN instead. We will just have to import their config into our VPN server and client.

Any recommendations or things that I could have missed? I am under the impression that Cisco AnyConnect can only connect to Cisco ASA, and FortiClient can only be connected to FortiGate VPN.


