cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
266
Views
0
Helpful
0
Replies
Highlighted

anyconnect TFA with Duo and ISE

Hello,

I have a task as below, but encountered an issue. Please help me.

Task: Anyconnect user uses two factor authentication, Duo and ISE internal account

Scenario: AAA on ASA points to Duo Proxy server and Duo Proxy server authenticates to ISE radius server with internal user account. There is no Active Directory authentication.

Issue: ISE log shows "5405 radius request dropped".

 

When AAA on ASA points to directly ISE, it works well and assign group policy appropriately.

However, when AAA on ASA points to Duo Proxy server, authentication does not work.

 

I think that radius attribute type does not match between duo proxy and ISE radius because I remember that the log on ISE said data type(?) or radius attribute type(?) does not match.

The Duo Proxy server is registered on ISE with basic profile(?) as "cisco"

Is there anything I need to do?

 

Most scenario from internet uses Active Directory as an external authentication, but my case is not.

Please help.

0 REPLIES 0