MicroStrategy ONE

Configuring VPNC with MicroStrategy Identity

Perform the following procedure to configure VPNC with MicroStrategy Identity. The procedure assumes that MicroStrategy Identity is used as the primary factor authentication. Thus, users must enter their username and the OTP to authenticate.

SecureAuth RADIUS Service is running on the SecureAuth IdP appliance with Cisco ASA added as a client

Successfully configured a SecureAuth OTP application (SecureAuth Apps & Tools)

Access to Cisco ASA via ASDM

Configuring VPNC with MicroStrategy Identity

  1. Log in to Cisco ASA via ASDM.
  2. Select Configuration > Remote Access VPN > Network (Client) Access > IPsec(IKEv1) Connection Profiles.
  3. Create a new Connection Profile or use an existing Connection Profile and Group Policy.
  4. Enter a Name for the connection profile.
  5. In IKE Peer Authentication, enter a pre-shared key which is used in the users VPN client.
  6. Use an Identity Certificate for the profile.
  7. In the User Authentication area, click Manage to create an AAA authentication for the profile, which is SecureAuthRADIUS.

  1. Under AAA Server Group, click Add.
  2. Enter a name for the AAA Server Group and set the Protocol to RADIUS.
  3. Select the newly created AAA Server Group and click AAA on the bottom section to add the server name.

  1. Enter the following into the Add AAA Server dialog box:
    • Interface Name: ASA interface that communicates with SecureAuth IdP
    • Server Name or IP Address: SecureAuth Server FQDN or IP address
    • Timeout: 60 seconds recommended
    • Server Authentication Port: 1812
    • Server Accounting Port: 1813
    • Retry Interval: 10 Seconds recommended
    • Server Secret Key: SecureAuth Radius Shared Secret
    • Common Password: NONE
    • Microsoft CHAPv2 Capable: Unchecked
  1. Click OK, then click OK again.
  2. Create a Group Policy for the VPN Profile or use the existing profile.
  3. Select the DHCP and Client Address pools for the VPN connection.
  4. Ensure that Enable IPsec Protocol is checked.
  5. On the Connection Profile, expand Advanced and select PPP.
  6. Under the Authentication Protocol Specification, check PAP and click OK.

  1. Save the configuration.
  2. Test that the configuration works properly:

    Log into the VPN using OTP:

    1. Connect to the newly created profile.
    2. When prompted, enter the AD Username and Password.
    3. Enter the OTP code from the SecureAuth OTP App to connect to the VPN.