Skip to main content


We previously demonstrated how to add a RADIUS server for two-factor authentication to the Cisco ASA 5500 using the ASDM. This document will do the same, but using the command line interface.

First, add the RADIUS server. This could be the WiKID server directly or a RADIUS server such as NPS:

aaa-server WiKID-radius protocol radius
aaa-server WiKID-radius (inside) host
key *****
authentication-port 1812
accounting-port 1813

The key/shared secret is the same as on the RADIUS server (WiKID server or NPS). Be sure to change the port to 1812 as that's been the standard since 2000. Keep this traffic inside the firewall as it is not encrypted. The shared secret/key is only used to encode the traffic.

Then, you need add the server group to a connection profile:

tunnel-group DefaultWEBVPNGroup general-attributes
authentication-server-group WiKID-radius

That's it.


Copyright © WiKID Systems, Inc. 2024 | Two-factor Authentication