Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3350
Views
0
Helpful
1
Replies

Cisco ISE and Duo Authentication Proxy

dariotmmk
Level 1
Level 1

‎03-16-2020 03:14 PM

Hello all,

I’m writing this post because I have troubles with integrating RADIUS Cisco ISE and DUO Authentication Proxy. I followed the official guide.

I’d also have to point out that in my infrastructure the [radius_client] and [radius_server_auto] are the same device. Cisco ISE.
For this scenario to work, additionally I had to define Network Device in Cisco ISE (Authentication-> Network Resources-> Network Devices).

For this test I have defined user identity that is authenticated against Active Directory.

indent preformatted text by 4 spaces[DuoForwardServer (UDP)] Sending request from [Cisco ISE IP] to radius_server_auto
[DuoForwardServer (UDP)] Received new request id 8 from ([Cisco ISE IP], 48515)
[DuoForwardServer (UDP)] (([Cisco ISE IP], 48515), duoUser, 8): login attempt for username u’duoUser’
[DuoForwardServer (UDP)] Sending request for user u’duoUser’ to ([Cisco ISE IP], 1812) with id 171
[RadiusClient (UDP)] Got response for id 171 from (, 1812); code 3
[RadiusClient (UDP)] (([Cisco ISE IP], 48515), duoUser, 8): Primary credentials rejected - No reply message in packet
[RadiusClient (UDP)] Sending request for user u’duoUser’ to ([Cisco ISE IP], 1812) with id 189
[RadiusClient (UDP)] Got response for id 189 from ([Cisco ISE IP], 1812); code 3
[RadiusClient (UDP)] (([Cisco ISE IP], 48515), duoUser, 8): Primary credentials rejected - No reply message in packet
[RadiusClient (UDP)] (([Cisco ISE IP], 48515), duoUser, 8): Returning response code 3: AccessReject
[RadiusClient (UDP)] (([Cisco ISE IP], 48515), duoUser, 8): Sending response

On the Cisco ISE the log says only to check the External RADIUS logs.

Do you have any idea where I might have a problem?

Thank you.

0 Helpful
1 Reply 1

Amy2
Level 5
Level 5

‎03-24-2020 08:39 AM

Hey @dariotmmk

Looking at this log, I noticed it says “No reply message in packet.” Give the steps in this article a try and see if that works for you?

FYI usually there will be some sort of message after “Primary credentials rejected” that gives a clue as to why/what’s going on. I recommend bookmarking this guide on how to interpret and troubleshoot Duo Authentication Proxy debug logs as it is v. helpful in figuring things out!

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents