06-22-2021 04:28 AM - edited 06-22-2021 04:37 AM
im setting up cisco duo for the first time on asa 5525-x 9.14 . We are currently using anyconnect remote vpn with a tunnel connection profile and a group profile. Can i create a new tunnel connection profile and copy the existing one just change the authentication option? and use the same group profile as well? The goal is to test Cisco duo two factor authentication.
Solved! Go to Solution.
06-22-2021 04:51 AM
Yes, thats a good way to test. That allows the users to continue to work on the old connection profile/tunnel-group whilst you test the duo authentication on a separate tunnel-group.
Yes, you can use the same group-policy.
06-22-2021 04:51 AM
Yes, thats a good way to test. That allows the users to continue to work on the old connection profile/tunnel-group whilst you test the duo authentication on a separate tunnel-group.
Yes, you can use the same group-policy.
06-22-2021 05:18 AM
thanks . But im worried about the ip pool configured as both tunnel profiles use the same ip pool. Would duplicate ip assignment happen accross the tunnel profile? or the asa is aware of what ip are assigned and what are not?
06-22-2021 05:19 AM
@baselzind as its the same ASA, it will know about the IP addreses allocated, so should not clash.
03-06-2024 07:36 AM
Sorry to bring back a dead thread but, I have this same setup and my Duo Group is not showing up when I attempt to connect through the VPN on a Microsoft Surface with the Cisco Secure Client 5.0.00907.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide