[c-nsp] ASA VPN with Local CA on the ASA

[Ian Henderson]

On 18/08/2011, at 2:54 AM, Jay Nakamura wrote:

> information they store.  But don't have the budget nor resources to
> keep up the current RSA SecureID server which is a bit overkill for
> them.  They thought certificate based auth will be not as good as
> SecureID but better than just user/pass.

There are one-time-password solutions other than SecureID. Check out yubico.com - simple, open source software, cheap hardware ($25USD per user), install your own AES keys (avoids the recent SecureID hack).