Want to understand about pre-requisites and flow for Bigip APM browser based sslvpn with RSA smart card and token

Question

Dear Friends,&nbsp;
I just wanted to understand about ssl vpn(only browser based) with RSA.what could be the flow and pre-requisites in this case? first authentication method would be Active directory and second would be RSA.&nbsp;
appreciate any help or reply.&nbsp;
Regards&nbsp;
Prak &nbsp;

yann_desmarest_ · Answer

Hi,&nbsp;
In terms of pure security, I would recommend to set a login page with 3 fields (username, password, 2-factor) and authenticate first for the RSA token (using RSA native AAA or Radius Auth), then if 2-factor auth is successful, do the AD authentication.&nbsp;
In terms of configuration, you can use the following as an example : &nbsp;
https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-5-0/6.html&nbsp;

yann_desmarest · Answer

Hi,&nbsp;
In terms of pure security, I would recommend to set a login page with 3 fields (username, password, 2-factor) and authenticate first for the RSA token (using RSA native AAA or Radius Auth), then if 2-factor auth is successful, do the AD authentication.&nbsp;
In terms of configuration, you can use the following as an example : &nbsp;
https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-5-0/6.html&nbsp;

harry1 · Answer

Thanks Yann, actually i was also looking this same manual. i just wanted to draw a flowchart or steps that when external user will hit the vpn fqdn then what will be the flow ?

harry1 · Answer

Thanks Yann, actually i was also looking this same manual. i just wanted to draw a flowchart or steps that when external user will hit the vpn fqdn then what will be the flow ?

harry1 · Answer

as per my understanding, we can configure both dual factor as per requirement. i mean either we can enforce first authentication as a secure auth and second would be AD as per customer requirement or vice-versa . please correct if i am wrong.

Forum Discussion

Want to understand about pre-requisites and flow for Bigip APM browser based sslvpn with RSA smart card and token

7 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

error code 503 redirect irule

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

OWA File Upload URIs for WAF Bypass

F5 AWAF/ASM learning only from Trusted traffic?

F5OS VLAN naming length restrictions

Related Content

Understanding iApps

Understanding IPSec IKEv2 negotiation on Wireshark

Understanding IPSec IKEv1 negotiation on Wireshark

Understanding Performance Metrics and Network Traffic

Understanding Modern Application Architecture - Part 1

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS