Cisco ISE & Duo native integration

mikiNet
Level 1

Hi All!

I have a question related to Cisco ISE and Cisco DUO native integration. As far as I know, from ISE 3.3 patch 1 it is possible to implement native integration with DUO. From this document:

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-33/221232-configure-ise-3-3-native-multi-factor-au.html

I see a section about limitations, but from my perspective only this is necessary info:

"Only the following multifactor authentication use cases are supported:

  • VPN user authentication
  • TACACS+ admin access authentication"

At this point, I am using Cisco ISE as a RADIUS server for authentication (AAA) to all my switches (I don't have a TACACS license).

Looking at the limitations for ISE and DUO integration, in theory it is not possible to use DUO as MFA during authentication to switches, but it is a little strange, because on the inside, authentication for VPN is also RADIUS (ASA->ISE).

The question is: is it possible to configure native integration between ISE and DUO and use it for authentication to switches? If not, why? Why does it work for VPN but not for AAA to switches?

 

1 Reply

It may work but you won't have official TAC support. 3.4 also has the same note in the admin guide:

https://www.cisco.com/c/en/us/td/docs/security/ise/3-4/admin_guide/b_ise_admin_3_4/b_ISE_admin_segmentation.html#integrate-duo-with-cisco-ise