
FTD AnyConnect with Duo authentication and machine certificate authentication. Is it possible? How do you configure?

Hello all,

Currently I have AnyConnect (4.8.03036) VPN access through an FTD 2120 (6.3.0.3 Build 77) managed by FMC and authenticating via Duo Authentication proxy service on a MS domain controller.

Is it possible to also use a machine certificate in addition to AD/Duo and only allow company assets with a machine cert to connect? We have machine certs on the devices that are company owned that were generated by our Domain CA and pushed out via GPO.

Thank you!


Cristian Matei
VIP Alumni

Hi,

Never tried it with DUO, but I don't see why it wouldn't work. You would specify DUO as your authorization server in the connection profile configuration.

Regards,

Cristian Matei.

We added double authentication support until 6.4

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/firepower_threat_defense_remote_access_vpns.html#task_ilm_hty_bhb


If you upgrade to 6.4 or later you will be able to accomplish cert auth + duo.

-Gustavo