Jump to content
Welcome to our new Citrix community!

How to enable RSA/MFA for VPN vserver while always on is in use?


Recommended Posts

Hello everyone,


we have the latest ADC 13, we are in a place to change how our VPN works, and we want to have a seamless tunnel establishment using always on

does anyone know how to enable RSA/MFA for VPN vserver while always on is in use? 


if there is any document please share.



thanks everyone.



Link to comment
Share on other sites

  • 2 months later...

i think you will need to configure another vpn vserver for that. for alwayson you configure machine cert based auth directly on the vserver, hence it will be applied to all incoming authentications for this vserver. im not sure if nfactor would work here, but one idea would be to configure the always on vpn vserver on a different port (e.g 8443) and re-use the same ip address for your other configuration on default port 443 where you need the MFA enabled  - that way the users using mfa logon won't need to change to a different port when connecting and the always on VPN can be pre-configured with the corresponding ports, so no user action is needed.


doing both on the same vserver is not possible, atleast not without nfactor. and i don't think (although im not 100% sure) that nfactor will work with always on ssl vpn

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...