03-05-2020 01:30 PM - edited 03-09-2020 05:35 AM
Hola, ¿es posible habilitar PAP con comunicación con Duo Prsoxy y Ciso ISE?
En la documentación de Duo sobre Fortinet y Palo Alto, es posible activar la opción para especificar el tipo de protocolo que se utilizará para comunicarse con el proxy duo y el NAC, pero en Cisco Ise no encuentro esa opción.
Adjunto mi proxy settings.cfg
registros de Cisco Duo
La configuración que tengo en ISE es:
Usuario local creado especificando que es un usuario Duo.
03-07-2020 09:05 PM
03-09-2020 05:43 AM - edited 03-09-2020 07:05 AM
PAP is available on authentication protocol. Normally ISE receives an authentication request and forward it to your DUO using the protocol. Is this what you want to do?
Answer: Yes, I want to do that, but acordly the logs, I need PAP authentication between ISE and Duo proxy and I can’t find the option for set PAP authentication because I set up radios external(duo)
this is the Web page that i follow:
https://duo.com/docs/ciscoise-radius
I need 802.1x authentication
03-09-2020 07:24 PM
03-13-2020 12:47 PM
Hi, Do you have a guide configuration with that?
I’ve attached the guide configuration that I follow, but in that guide I don’t see the policy section that I need to configured because when I login in the ssid with DUOAG, i can’t do ping to the DAG portal, only can do ping to ISE IP, but when I Access to the dag portal since the wired network, I have Access. I think is a ise policy config
The ISE, AD,DNS,DUOAG are in the same network
03-13-2020 02:06 PM
03-13-2020 03:54 PM
That was the error message that show me after I permit by a push the duo 2fa
03-14-2020 06:07 PM
10-07-2021 03:05 AM
Hi,
I am facing the same problem with duo proxy.
Can you tell me please, were you able to resolve it without using DAG?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: