Solved: How to add MFA using Microsoft NPS and Firepower 2130 with FTD

doukkalli · ‎04-07-2020

Hi,

I configured RA VPN (AnyConnect) using Firepower 2130 FTD and Active Directory. All used belonged to the right group can connect to VPN using AnyConnect. They can access to our ressources (RFC 1918).

When I add Microsoft NPS as Radius servers to force multi-factor authentication no user is able to connect.

What is the best practice to add Microsoft NPS to support MFA on Cisco Firepower 2130 FTD.

All

FTD version: 6.5.0 (last patch)

FMC: 6.5.0 (last patch).

Marvin Rhoads · ‎04-07-2020

Thanks for sharing your solution with the community.

View solution in original post

doukkalli · ‎04-07-2020

I will share a complete setup in a docx or pdf format with screenshot and more.

View solution in original post

doukkalli · ‎04-07-2020

Issue solved.

You must configure the "Connection Request Policy" in Microsoft NPS with only and only the IP address of the inside interface of FTD.

In AAA select RADIUS Server Group in Authentication and Authorization only.

All other options remains unchanged.

Marvin Rhoads · ‎04-07-2020

Thanks for sharing your solution with the community.

doukkalli · ‎04-07-2020

I will share a complete setup in a docx or pdf format with screenshot and more.

PhilScott15166 · ‎11-03-2020

Hi doukkalli,

Thanks for your post, would you be able to share the complete setup doc because I want to double check my Config as I am just getting login failed messages in the AnyConnect client.

Thanks

Phil

IamSamSaul · ‎11-11-2021

Hi Doukkali,

Is it possible to share with us the configuration document with us?

Thanks & Regards,

Sam

DavidBB · ‎11-14-2022

Hi Doukkalli , do you have de docx or PDF ? thank you

vikasgupta2k · ‎06-29-2020

Can you share the solution document, trying to setup same setup and having issues.

Thanks

Michael Proctor · ‎11-15-2021

Can you advise how you were able to get this working?