Last updated on June 12, 2025
Note: If you are looking for a way to integrate Rublon with Cisco FTD Firepower Firewall, refer to MFA for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall – RADIUS and MFA for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall – LDAP(S).
Overview
Demo Video
Supported Authentication Methods
Demo Video
Before you start
Required Components
- Cisco ASA Firewall with firmware, versions from 9.6(22) up.
- ASDM software, version 7.8(2) or higher.
- Rublon Authentication Proxy
Cisco ASA initial assumptions
- Can communicate with Rublon Authentication Proxy.
- Has a correctly configured “outside” interface.
- Has its own properly configured SSL certificate (you can check it in: Configuration → Remote Access VPN → Clientless SSL VPN Access → Connection Profiles → Access Certificate → Device Certificate).
- Enables access to its configuration by Cisco ASDM application.
Configuration
This section will guide you on how to use Rublon Authentication Proxy with Cisco AnyConnect VPN with ASA if you are using RADIUS as your authentication source.
1. Sign in to your Cisco ASA firewall with ASDM.
2. Click Configuration and then select Remote Access VPN (at the bottom of the page).
3. In the left pane, extend Clientless SSL VPN Access and select Connection Profiles.
4. Select a Connection Profile and click Edit to edit an existing profile or click Add to create a new Connection Profile.

5. Locate the Authentication section and select AAA in Method. Click Manage….
6. Click Add. Set a name for your server group and select RADIUS in Protocol.
7. Set Accounting Mode to Single.
8. Set Reactivation to Depletion.

14. Set Retry Interval to 10 seconds.
15. Enter the RADIUS Secret set in Rublon Authentication Proxy as Server Secret Key in this form.
16. Set ACL Netmask Convert to Standard.

17. Click OK and then click OK again.
18. Go to Configuration → Remote Access VPN → Network (Client) Access → AnyConnect Connection Profiles and check SSL Enabled next to the name of your connection profile.
19. For AnyConnect client and Web connections to work, edit your Group Policy connected to your profile. Go to General → More Options and check Clientless SSL VPN and SSL VPN Client.
20. Click OK, then click OK again, and finally click Apply.
21. Changes will be sent to ASA. Your configuration is complete.
Log in to ASA VPN with Rublon 2FA
This example portrays logging in to Cisco ASA VPN via the Cisco WebVPN page. Mobile Push has been set as the second factor in Rublon Authentication Proxy configuration (AUTH_METHOD was set to push).
1. Open the Cisco WebVPN page.
2. Select your group.
3. Provide your username and password and click Login.


5. Tap APPROVE.
6. You will be logged in to Cisco ASA VPN.
