I have a task as below, but encountered an issue. Please help me.
Task: Anyconnect user uses two factor authentication, Duo and ISE internal account
Scenario: AAA on ASA points to Duo Proxy server and Duo Proxy server authenticates to ISE radius server with internal user account. There is no Active Directory authentication.
Issue: ISE log shows "5405 radius request dropped".
When AAA on ASA points to directly ISE, it works well and assign group policy appropriately.
However, when AAA on ASA points to Duo Proxy server, authentication does not work.
I think that radius attribute type does not match between duo proxy and ISE radius because I remember that the log on ISE said data type(?) or radius attribute type(?) does not match.
The Duo Proxy server is registered on ISE with basic profile(?) as "cisco"
Is there anything I need to do?
Most scenario from internet uses Active Directory as an external authentication, but my case is not.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: