Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
883
Views
0
Helpful
1
Replies

Anyconnect VPN integration with Cisco DUO without separate AD or RADIUS server

AmeyaThorat63010
Level 1
Level 1

‎01-30-2021 01:11 AM

Hi!

I am planning to deploy Cisco ASA with Anyconnect for enabling remote access VPN. I am also planning to integrate Cisco DUO with Anyconnect for Multifactor Authentication. I want to create local users on ASA for VPN authentication without having a separate Active Directory or RADIUS server. Will Cisco DUO support such scenario where there is not separate Active Directory/RADIUS server for primary? Can Cisco DUO query ASA for verifying username and password before sending request to DUO cloud for Second Factor Authentication?

Labels:
0 Helpful
1 Reply 1

Karsten Iwen
VIP
VIP

‎01-30-2021 03:18 AM

Yes that works. The primary authentication runs against the local database and if that succeeds the DUO LDAP is queried for the secondary authentication. I run this scenario at home. 

https://duo.com/docs/cisco#asa-ssl-vpn-using-ldaps

0 Helpful
Customers Also Viewed These Support Documents