cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
254
Views
0
Helpful
1
Replies

AnyConnect w Duo - works with "TEST ALL SERVERS" button; not client

ABaker94985
Beginner
Beginner

We have an ASA 5508 running 7.0.4 FTD code and managed by FDM. I used this guide to configure Duo:

https://networkwizkid.com/2021/12/16/configuring-duo-two-factor-authentication-2fa-for-cisco-remote-access-vpns-ra-vpn-using-the-firepower-device-manager-fdm/

This went fine, and within the RADIUS server group, there is a "TEST ALL SERVERS" button. If I press this, I'm prompted to enter username and password, and then a push request pops up on my phone. Everything works fine. Below is a screenshot of the AnyConnect configuration. If no Secondary Identity Source is configured, login works fine. If I set it to use Duo, I'm prompted for a "password" and "second password", but this continues to fail. For the first password, I've used my normal password; second password I've tried ",push" ",passcode" "push" ",push" and I've tried "password,passcode" for the password with nothing in the second password field as well as "password,passcode" in both password field. The behavior is always the same - the AnyConnect login box hangs for several seconds, and then it times out.  I've tried to increase the authentication timeout to 60 seconds, but that doesn't help. Any ideas what the problem might be? Thanks

ABaker94985_0-1670540585844.png

 

1 Reply 1

Milos_Jovanovic
VIP Engager VIP Engager
VIP Engager

Hi @ABaker94985,

I would advise to check on FTD/LINA logs, to make sure that FTD forwarded this request to secondary/Duo server, and also that it actually received RADIUS-REJECT message. If that happens to be the case, next step would be to check logs on Duo Authentication Proxy server, as that one should tell you what happened.

Kind regards,

Milos

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers