Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3933
Views
0
Helpful
9
Replies

Intigration Duo with Cisco Firepower Threat Defense (FTD) VPN with AnyConnect

Go to solution
rebazsalih
Level 1
Level 1

‎09-10-2020 06:46 AM - edited ‎09-11-2020 07:58 AM

Hello

 

I want to implement Duo integration with your Cisco Firepower Threat Defense (FTD) SSL VPN to add two-factor authentication to AnyConnect VPN logins.without using ISE

This Link (  https://duo.com/docs/cisco-firepower ) describs steps on how to do it and explains steps with video.

I following same steps ,but with No luck ,When I enter Username and Password it does not send me any Push and can not login to the Anyconnect,and when I test  aaa-server in Lina engine, it shows below error

ERROR: Authentication Server not responding: No active server found

Note:

  • For intigration Duo Proxy with Active Directory , there is syc between them and we used that for Remote Desktop users and works perfectly, so there is no issue between due and AD
  • there is conectivity between FTD and FMC to the Duo Proxy Server and Active directory

I need help on how to do it ,I tried in diffent ways and configuration but still with no luck,

and I cant find any ducumentation on how to do that from cisco side.

Regards

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎09-10-2020 11:26 AM

Yes I've configured FTD directly with Duo proxy and ISE, both worked.

View solution in original post

0 Helpful
9 Replies 9

Go to solution
Rob Ingram
VIP
VIP

‎09-10-2020 09:48 AM

Hi,

How have you got your Duo proxy setup? Have you correctly configured the authproxy.cfg file?

What is the output of the authproxy.log? Any obvious errors? If so provide the output


HTH

0 Helpful

Go to solution
rebazsalih
Level 1
Level 1

‎09-10-2020 11:20 AM

Thanks Rob for reply,

 

did you configured duo with FTD? I have a concern that it can not be done without ISE. 

 

As I mentioned, I did exactly what is done in the documentation, and I checked the authproxy file  authproxy_connectivity_tool.exe, all services are green and there is  not any error in authproxy.cnf

0 Helpful

Go to solution
Rob Ingram
VIP
VIP

‎09-10-2020 11:26 AM

Yes I've configured FTD directly with Duo proxy and ISE, both worked.

0 Helpful

Go to solution
rebazsalih
Level 1
Level 1
In response to Rob Ingram

‎09-11-2020 12:33 AM

Can you please share authproxy config file please, 

Or did you take any other steps rather than what is mentioned in the documentation. 

When adding RADIUS aerver in ftd, which one did yoi choos, base on routed or specific interface? 

 

 

0 Helpful

Go to solution
ajay.bhat
Level 1
Level 1
In response to Rob Ingram

‎01-28-2022 07:20 PM

Hi Rob 

Can you please help me setup DUO for anyconnect vpn users. I  have FTD and ISE in production for VPN users. Now we want to Add duo for 2nd factor authentication.

0 Helpful

Go to solution
Javanshir
Level 1
Level 1
In response to ajay.bhat

‎01-21-2024 09:28 PM

Hi are you solve the problem? 

0 Helpful

Go to solution
Javanshir
Level 1
Level 1
In response to Rob Ingram

‎01-21-2024 09:27 PM

Hello can you share me configuration? I use FTD and ISE for client vpn and want DUO for 2FA

0 Helpful

Go to solution
IvanAlvarenga25979
Level 1
Level 1

‎03-18-2021 06:40 AM

Have you configured Cisco DUO using FDM 6.7 ( no FMC ) ?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card