[c-nsp] RSA AAA on Cisco ASA

[Erik Witkop]

I have a question about ASA management protocols surrounding AAA.

Here are my requirements:

   1. Two factor authentication when ssh'ing into an ASA firewall
   2. Full command authorization, much like Tacacs+.
   3. Full accounting


Assuming we used a Cisco ACS and an RSA backend server, could we get all 
3 requirements above?

It seems to me that using the radius/sdi protocol, would not give me #2 
above. Hopefully I am wrong and someone can enlighten me.

Any thoughts on how to achieve all 3 requirements for ASA management?