This went fine, and within the RADIUS server group, there is a "TEST ALL SERVERS" button. If I press this, I'm prompted to enter username and password, and then a push request pops up on my phone. Everything works fine. Below is a screenshot of the AnyConnect configuration. If no Secondary Identity Source is configured, login works fine. If I set it to use Duo, I'm prompted for a "password" and "second password", but this continues to fail. For the first password, I've used my normal password; second password I've tried ",push" ",passcode" "push" ",push" and I've tried "password,passcode" for the password with nothing in the second password field as well as "password,passcode" in both password field. The behavior is always the same - the AnyConnect login box hangs for several seconds, and then it times out. I've tried to increase the authentication timeout to 60 seconds, but that doesn't help. Any ideas what the problem might be? Thanks
I would advise to check on FTD/LINA logs, to make sure that FTD forwarded this request to secondary/Duo server, and also that it actually received RADIUS-REJECT message. If that happens to be the case, next step would be to check logs on Duo Authentication Proxy server, as that one should tell you what happened.