cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
211
Views
1
Helpful
2
Replies

Cisco Duo 2nd Authentication is not Popup

dmissai
Level 1
Level 1
Hello Team
 
 
 
I'm currently working on configuring the Cisco Duo Free plan to enable two-factor authentication for remote VPN using Cisco AnyConnect and FTD. I've successfully installed Windows Server, activated AD, and installed Cisco Duo Proxy Manager.
 
However, I'm encountering a challenge with the second authentication on my phone. I've already enrolled both my phone and the user, but the connection is failing. When I log in with the user at AD, it's successful without prompting for the second authentication.
 
Could you please assist me with this?
 
2 Replies 2

This issue solved?

MHM

DuoKristina
Cisco Employee
Cisco Employee

There are LOTS of reasons you could be getting this end result.

Since you mention Duo Authentication proxy and you're on a free plan I have assumed you are setting up the RADIUS config for your FTD.

Your best first step would be to enable debug logging at the Duo Authentication Proxy to see what is happening...
- Does the Duo proxy server receive the incoming RADIUS request from the FTD?
- Does AD authentication succeed (if you are using radius_server_auto with ad_client pointing to your DC)?
- Does the Duo proxy successfully make a POST to the Duo service preauth endpoint and get a response indicating the user can authenticate?
- Does the Duo proxy follow that with a POST to auth to start a MFA request?
- If so, what is the result?

It is worth mentioning that Duo administrator users and Duo end-users are distinct types of users. Activating Duo Mobile for your admin account does not also activate it for you as an end. user. The end user must exist separately in Duo and have its own separate Duo Mobile activation for push to work (this point gets missed sometimes).

These articles will help you:

https://help.duo.com/s/article/1126
https://help.duo.com/s/article/2953

Please don't paste your entire log here. If you want to share a snippet be sure to redact sensitive info like your usernames, server IPs (if they use public addressing), and Duo integration keys and API host name.


> When I log in with the user at AD, it's successful without prompting for the second authentication.

I am not sure why you would expect a Duo auth here. Duo does not directly protect AD logins.

 
Duo, not DUO.
Quick Links