08-02-2018 06:45 AM
Hi all,
Wondering if we have any documentation on Duo Security integration with ISE with step by step instructions on how to enable this. The requirement is for all admins to authenticate to Cisco WLCs with 2 factor authentication.
08-02-2018 06:53 AM
Another user has a step by step guide here: https://community.cisco.com/t5/security-documents/using-duo-with-ise-2-3-and-acs-5-x-for-2fa-cisco-network-admin/ta-p/3642171
It talks about using it for Admin authentication but could easily be used for User login also.
08-02-2018 06:58 AM
02-19-2019 05:31 AM
Adding this for info,
I have also shared on the other pages
I had a look at the ACS/ISE guide which is also shared by duo. I ran into an issue with ISE 2.4 Patch 5. When I added an external ID source I got a lot of error 401 in the DUO proxy log. Our initial login to the devices was via RADIUS not TACACS.
I fixed the issue by configuring the DUO auth proxy as an external RADIUS server with a timeout of 60 seconds.
Configured a RADIUS server sequence pointing to the new external RADIUS server.
In the advanced options, select "Continue to Authorization Policy on Access-Accept".
Configured the policy set in ISE to reference the external RADIUS server sequence.
Configured authorization policies as required with different levels of access.
Hope this helps anyone who is struggling to get ISE working with RADIUS MFA from a network device. I also believe this would work for other RADIUS-based logins via ISE.
02-19-2019 02:16 PM
Hi Martin,
I am interested to know if you tested with AnyConnect to push dACLs to the users.
And is your setup ISE and DUO, or vice versa?
My main goal is to be able to authenticate AnyConnect with DUO and ISE (which is working), but I cannot push dACLs to AnyConnect.
Do you have any ideas around this setup? I am using ISE 2.2.
Thanks,
09-17-2019 09:16 PM
Hi,
You can review the below link.