AnyConnect w Duo - works with "TEST ALL SERVERS" button; not client

ABaker94985
Spotlight

We have an ASA 5508 running 7.0.4 FTD code and managed by FDM. I used this guide to configure Duo:

https://networkwizkid.com/2021/12/16/configuring-duo-two-factor-authentication-2fa-for-cisco-remote-access-vpns-ra-vpn-using-the-firepower-device-manager-fdm/

This went fine, and within the RADIUS server group there is a "TEST ALL SERVERS" button. If I press this, I'm prompted to enter a username and password, and then a push request pops up on my phone. Everything works fine. Below is a screenshot of the AnyConnect configuration. If no Secondary Identity Source is configured, login works fine. If I set it to use Duo, I'm prompted for a "password" and a "second password", but this continues to fail. For the first password, I've used my normal password; for the second password I've tried ",push", ",passcode", "push", and ",push", and I've also tried "password,passcode" for the password with nothing in the second password field, as well as "password,passcode" in both password fields. The behavior is always the same: the AnyConnect login box hangs for several seconds, and then it times out. I've tried increasing the authentication timeout to 60 seconds, but that doesn't help. Any ideas what the problem might be? Thanks

[Screenshot: AnyConnect configuration (ABaker94985_0-1670540585844.png)]

1 Reply

Milos_Jovanovic
VIP Alumni

Hi @ABaker94985,

I would advise checking the FTD/LINA logs to make sure that the FTD forwarded this request to the secondary/Duo server, and also that it actually received a RADIUS-REJECT message. If that happens to be the case, the next step would be to check the logs on the Duo Authentication Proxy server, as that one should tell you what happened.

Kind regards,

Milos
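
Both the question (the "TEST ALL SERVERS" button works, but the AnyConnect login hangs and times out) and the reply above (check whether the FTD actually got a reject back from Duo) come down to what the Duo Authentication Proxy answers on RADIUS. The following is an added example and is not code from the original thread, the linked guide, Cisco or Duo: a minimal PAP RADIUS client in Python that sends one Access-Request to a RADIUS server, waits long enough for a push to be approved, and distinguishes a verified Access-Accept or Access-Reject from no reply at all or from a reply whose Response Authenticator does not check out (usually a shared-secret mismatch). Run from a host the proxy accepts as a RADIUS client, it reproduces the test-button check independently of FDM. The server address 192.0.2.10, the shared secret and the user name are placeholders.

```python
import hashlib
import hmac
import os
import socket
import struct
from typing import Optional

# RADIUS packet codes (RFC 2865)
ACCESS_REQUEST = 1
ACCESS_ACCEPT = 2
ACCESS_REJECT = 3
ACCESS_CHALLENGE = 11
CODE_NAMES = {ACCESS_ACCEPT: "Access-Accept", ACCESS_REJECT: "Access-Reject",
              ACCESS_CHALLENGE: "Access-Challenge"}

# Attribute types used by this probe
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2
ATTR_NAS_IDENTIFIER = 32


def encrypt_user_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad to a multiple of 16 bytes, then XOR each block with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out


def decrypt_user_password(ciphertext: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of encrypt_user_password, i.e. what the RADIUS server does."""
    out, prev = b"", authenticator
    for i in range(0, len(ciphertext), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(ciphertext[i:i + 16], key))
        prev = ciphertext[i:i + 16]
    return out.rstrip(b"\x00")


def attr(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value encoding of one attribute (Length includes the 2 header bytes)."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(username: str, password: str, secret: bytes,
                         identifier: int = 0, authenticator: Optional[bytes] = None) -> bytes:
    """Access-Request with User-Name, PAP-encrypted User-Password and NAS-Identifier."""
    authenticator = authenticator or os.urandom(16)
    attrs = (attr(ATTR_USER_NAME, username.encode())
             + attr(ATTR_USER_PASSWORD,
                    encrypt_user_password(password.encode(), secret, authenticator))
             + attr(ATTR_NAS_IDENTIFIER, b"radius-probe"))
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + authenticator + attrs


def build_response(code: int, request: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    """Server-side reply construction, included so verify_response can be exercised offline.
    Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    return header + hashlib.md5(header + request[4:20] + attrs + secret).digest() + attrs


def verify_response(response: bytes, request: bytes, secret: bytes) -> bool:
    """Check ID and Response Authenticator (RFC 2865 3) so a spoofed or mis-keyed
    reply is not mistaken for a genuine Accept/Reject."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    length = struct.unpack("!H", response[2:4])[0]
    if length < 20 or length > len(response):
        return False
    response = response[:length]  # octets beyond Length are padding and ignored
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


def probe(server: str, secret: bytes, username: str, password: str,
          port: int = 1812, timeout: float = 60.0) -> str:
    """Send one Access-Request and report the outcome. A push approval can take tens
    of seconds, so the timeout is generous; 'no reply' means the server never answered,
    which is different from an Access-Reject."""
    request = build_access_request(username, password, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (server, port))
        try:
            response, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "no reply (timeout)"
    if not verify_response(response, request, secret):
        return "reply with bad Response Authenticator (shared secret mismatch?)"
    return CODE_NAMES.get(response[0], f"code {response[0]}")


if __name__ == "__main__":
    # Placeholder values: substitute the Duo Authentication Proxy address, its
    # radius_secret and a real user; "push" as the password requests a push factor.
    print(probe("192.0.2.10", b"example-shared-secret", "alice", "push"))
```

Two things worth knowing when reading the result: the Duo Authentication Proxy only answers RADIUS clients whose source address and shared secret match its radius_ip_N/radius_secret_N settings and silently drops everything else, so a probe from an unlisted host (or an FTD with a mistyped secret) looks exactly like the timeout in the question rather than like a reject; and a reply that fails verification should be treated as no reply, since the code byte of an unauthenticated packet proves nothing.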
