cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
602
Views
0
Helpful
0
Replies
MichaelKim24362
Beginner

anyconnect TFA with Duo and ISE

Hello,

I have a task as below, but encountered an issue. Please help me.

Task: Anyconnect user uses two factor authentication, Duo and ISE internal account

Scenario: AAA on ASA points to Duo Proxy server and Duo Proxy server authenticates to ISE radius server with internal user account. There is no Active Directory authentication.

Issue: ISE log shows "5405 radius request dropped".

 

When AAA on ASA points to directly ISE, it works well and assign group policy appropriately.

However, when AAA on ASA points to Duo Proxy server, authentication does not work.

 

I think that radius attribute type does not match between duo proxy and ISE radius because I remember that the log on ISE said data type(?) or radius attribute type(?) does not match.

The Duo Proxy server is registered on ISE with basic profile(?) as "cisco"

Is there anything I need to do?

 

Most scenario from internet uses Active Directory as an external authentication, but my case is not.

Please help.

0 REPLIES 0
Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: ISE Demo (33%)

Content for Community-Ad