We are investigating using Microsoft Internet Authentication Server (IAS) to authenticate our remote access vpn users coming in to our Cisco Adaptive Security Appliance (ASA). Based on what we have seen so far, we find the shortcomings listed of using MS IAS as authentication server. However, we understand that SafeWord RemoteAccess solution can integrate with MS IAS and address all/some of the shortcomings below.
1) One-time password with security token
We feel that normal AD user account and password for remote access vpn users is not sufficient. Hence, we are considering to enhance the authentication of our remote access vpn users with a one-time password solution in the form of small hardware based security tokens.
2) Duration based remote access permission
We have a need to grant our travelling users with a predetermined but flexible duration of remote access. We would like to set the end (or expiry) date for some users at the point of granting remote vpn access permission. This can either be an MS IAS integrated solution or one that is part of the one-time password / hardware security token solution.
3) Reports / usage statistics
We would like to have reporting capabilities on usage statistics of our remote access vpn users such as number of remote access vpn users signed on over a period of time, number of sign-on by a particular user over a period of time, max. number of concurent users, max duration of connections, etc.
Would you please advice with a solution