Cisco ASA 5510 ADFS

hmdean
Level 1

Hello All,

I am new to this forum & I'm hoping someone can assist me. I'm desperate! :) I'm a novice when it comes to firewalls & my current Cisco ASA 5510 was set up by someone else before I started this new position. We are using the Cisco ASDM 7.6 software.

We have created an ADFS site so that our end users can use SSO for Box Software. Our ADFS works beautifully internally but when we try to set it up for public facing, nothing is working. Clearly I am doing something wrong, but here's the weird thing. We noticed that our external traffic is being routed to our VPN subnet. I feel like what I'm trying to do is simple: when a user goes to Box.com & selects SSO & types in their email address, I need for it to redirect to our ADFS site. It tries to get there but then errors out with "we can't connect to your server."

Can someone please help me get on the right track? At this point, I have myself so confused, I'm not sure what to do anymore.

Thank You In Advance!


What is ADFS and what is SSO? Can you be more simple and more technical so we can assist you.

please do not forget to rate.

ADFS: Active Directory Federation Services

SSO: Single Sign-On


Active Directory Federation Services (ADFS) is a Single Sign-On (SSO) solution created by Microsoft. As a component of Windows Server operating systems, it provides users with authenticated access to applications that are not capable of using Integrated Windows Authentication (IWA) through Active Directory (AD).

Developed to provide flexibility, ADFS gives organizations the ability to control their employees’ accounts while simplifying the user experience: employees only need to remember a single set of credentials to access multiple applications through SSO.


Hope this helps.

Thank you.

It seems like you have a NAT issue. Can you please show us your firewall config? You can hide your public IP address and username/password.

please do not forget to rate.

Are you referring to the running config? The file is very long & I am unsure of what I need to block out. I want to be sure I'm showing the correct information.


Thanks.

OK. Can you do a packet capture as balaji advised? This would be useful to start with.

please do not forget to rate.

balaji.bandi
Hall of Fame

Make sure you have all the FW rules in place, and capture the logs while they click box.com to see what is dropping and why the federation service fails to authenticate.

BB

***** Rate All Helpful Responses *****
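An added example, not posted by anyone in this thread, of the pieces the two replies above ask to verify on the ASA: the object NAT and access-list that publish an internal ADFS server on TCP/443, followed by a packet-tracer run and a capture to see which NAT rule, ACL entry and (if any) VPN rule a connection originating from the Internet actually hits. All addresses are constructed RFC 5737 documentation values, and the object, ACL and capture names are assumptions; the syntax is the 8.3+/9.x object NAT form that the ASA 5510 supports.

```cisco
! --- Publishing the ADFS server (constructed names and addresses) ---
! Internal ADFS host and the public address its hostname resolves to.
object network ADFS_SERVER
 host 192.0.2.10
 nat (inside,outside) static 198.51.100.10
!
! Allow HTTPS from anywhere on the Internet to the ADFS server only.
access-list OUTSIDE_IN extended permit tcp any object ADFS_SERVER eq https
access-group OUTSIDE_IN in interface outside
!
! --- Verifying which rules a real connection would match ---
! Simulate an inbound HTTPS connection from an arbitrary Internet host.
! The output lists every phase (route lookup, ACL, NAT, VPN) and the rule
! that matched; a manual NAT or VPN rule in NAT section 1 is evaluated
! before the object NAT above and will win if it overlaps.
packet-tracer input outside tcp 203.0.113.5 40000 198.51.100.10 443 detailed
!
! Show the NAT table to check for an overlapping identity/exemption rule.
show nat detail
!
! Capture on both sides of the firewall while a user attempts the Box SSO
! redirect; a SYN seen on outside but nothing on inside points at NAT/ACL.
capture ADFS_OUT interface outside match tcp any host 198.51.100.10 eq 443
capture ADFS_IN interface inside match tcp any host 192.0.2.10 eq 443
show capture ADFS_OUT
show capture ADFS_IN
!
! Drop reasons are also logged by syslog when logging is enabled.
show logging | include 198.51.100.10
!
! Remove the captures when finished.
no capture ADFS_OUT
no capture ADFS_IN
```

Running the packet-tracer before and after any config change is the quickest way to confirm that a connection from the outside lands on the intended object NAT rather than on a VPN-related rule, and the two captures show whether packets are reaching the inside interface at all.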
