Re: Anyconnect disconnects if I don't press the accept button of DUO in the mobile

kostasthedelegate · ‎06-03-2020

Hello,

I have a pair of FTD 2110 in HA. The authentication is through ARUBA and DUO.

The problem I have is this. I logon to the VPN and then I have to press accept from the mobile. If I do not accept immediately then Anyconnect disconnects and then multiple requests come to ARUBA and DUO.

The retry interval in the radius server is max 10 seconds. Is there any way to extend another timer so I have a user-friendly

experience?

Thanks and regards,

Konstantinos

Rob Ingram · ‎06-03-2020

Hi,
Under the RADIUS Server configuration (on the FTD) you need to extend the timeout for each RADIUS server, 60 seconds minimum is recommended.

HTH

kostasthedelegate · ‎06-03-2020

Hi Rob,

Thanks for the prompt answer.
I have tried that but it did not change something.
I have one RADIUS server.

Rob Ingram · ‎06-03-2020

What is configured as the RADIUS server? Aruba or DUO? If you are proxying DUO through Aruba, then define a timeout on Aruba RADIUS server aswell.

If not please provide screenshots.

kostasthedelegate · ‎06-03-2020

For Radius I use the Aruba.
So in the FTD you suggest extending the timeout in both servers, right?
Or you are talking about the actual aruba server?

Rob Ingram · ‎06-03-2020

Configure the timeout on the Aruba Clearpass server, under the configuration of Duo radius proxy.

kostasthedelegate · ‎06-11-2020

Hello,

On Aruba, I went to Authentication->Sources->Radius
The server timeout is 30 sec.
Is this what you are referring to?

What is the point of changing it if in the FMC the retry is 10 sec?

Thanks and regards,
Konstantinos

Rob Ingram · ‎06-11-2020

You are using the Aruba to proxy the request to the Duo Proxy server. So the FTD will waiting for a response from Aruba Clearpass, which in turn is wiating to recieve a response from the Duo Proxy. Align the timeouts on all devices.