Alternatively, enable 'Auto Reconnect after Resume' in the AnyConnect profile so that AnyConnect can resume the VPN during short network connectivity loss or when the user roams from one Wi-Fi network to another, or from Wi-Fi to wired or 3G, etc. Thus using certificates alone would allow users to connect without prompting but does not meet the PCI requirement to use two-factor authentication. Thus we still need some way for the password to be saved to fully automate connections.

2. Use technologies such as remote authentication and dial-in service (RADIUS) terminal access controller access control system (TACACS) with tokens or VPN (based on SSL/TLS or IPSEC) with individual certificates. Then, the user will never have to enter passwords.

For those Cisco customers that must follow the PCI DSS, Section 8.3 states:

8.3 Incorporate two-factor authentication for remote access (network-level access originating from outside the network) to the network by employees, administrators, and third parties. Use certificate authentication and issue user certificates (either with an external CA server or using the Local CA on the ASA).