bergquistcompany

asked on

Deepnet, PhoneFactor, Safenet 2 factor authentication

Hello EE,

We are looking at 3 solutions for our 2nd factor of VPN client into a Cisco ASA 5525 using RADIUS.  We don't want to use any hard tokens and were advised of these and wanted to see if anyone was using any or used to use any of the above who could offer pros/cons, etc.
kevinhsieh

I use PhoneFactor to secure user VPN connections through my ASA. It works very well and is straightforward. You just need to configure the ASA to point to your PhoneFactor agent(s) as the RADIUS server. Set up your shared secret like you normally would. Change the timeout from the default 10 seconds to 60.

The PhoneFactor agent(s) then get configured as RADIUS clients to your real RADIUS servers. I use Microsoft Network Protection Services (NPS) that is built into Windows 2008.

I have had only 1 issue with PhoneFactor where we had to recover the database because another administrator didn't know what they were doing. Tech Support was awesome, and recovery was pretty simple. We have never experienced an outage in the service (besides the self-inflicted one). User training has been basically zero, other than telling people to expect and answer the call. I have configured PhoneFactor to appear as if it is coming from our main phone number. The available reporting and searching is pretty darn good. You can see who authenticated to which service and when, which is more visibility into VPN access than what most organizations have.

For me the only downside with PhoneFactor is that I wish it was cheaper. It is nice that the pricing is for the number of active users in a month. If you have 500 potential users but only 25 users who actually connect in a given month, you only need the 25 licenses.

I have never heard of the other two products you mentioned.
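
An added example, not part of kevinhsieh's answer: a sketch of the ASA side of the setup described above, in Cisco ASA CLI. The server-group name, interface, address, key and tunnel-group name are placeholders chosen for illustration.

```text
! Constructed example: all names, addresses and the key are placeholders.
! RADIUS server group that points at the PhoneFactor agent, not at NPS directly.
aaa-server PF-RADIUS protocol radius
aaa-server PF-RADIUS (inside) host 192.0.2.10
 ! Raised from the 10-second default so the user has time to answer the call.
 timeout 60
 key <shared-secret>
 authentication-port 1812
 accounting-port 1813
!
! Use that group to authenticate the remote-access VPN connection profile.
tunnel-group RA-VPN general-attributes
 authentication-server-group PF-RADIUS
```

The path can be checked from the ASA with `test aaa-server authentication PF-RADIUS host 192.0.2.10 username <user> password <password>` before any users are moved to it.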
bergquistcompany

ASKER

Excellent, thank you.  Have you any experience with the others or does anyone else?

How about issues with paying per text or limitations on coverage with carrier?
As I said before, I don't have experience with two factor other than PhoneFactor.

PhoneFactor doesn't use text messaging. What do you mean by carrier coverage limitations?
No, I was trying to see if I could get any additional feedback on the others.
You have great information on PhoneFactor.

I was told by their sales: "Text Message: PhoneFactor sends the user a text message containing a passcode. The user replies to the text message with the passcode."
ASKER CERTIFIED SOLUTION
kevinhsieh
This solution is only available to members.
OK, that was another option they had but they were pushing the text.
So with the phone call you don't have users complain about minutes if it's calling their cell phone?
It takes about 3 seconds of airtime. How many times a day do you authenticate? You can always deploy the app, which will take a little bit of data instead of minutes, but the implementation is a little more involved on the backend to set up the web server.
Ok thanks