cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
731
Views
5
Helpful
3
Replies

FTD VPN Remote Access with ISE and DUO

ivan.martin
Explorer
Explorer

Hi my name is Ivan.

Can you help me to integrate FTD VPN RA AnyConnect with DUO?. I would like to authenticate with Active Directory  and like a secondary method with DUO but whitout doble method of authentication.

In another words, VPN Any Connect just ask us for account AD and the secondary method by passcode DUO.

Is that possible?. Or perhaps always I should use 2 methods?

Can you help me to check the configuration in dashboard DUO and in the file cfg of proxy server? 

Regards, Ivan.

3 Replies 3

Rob Ingram
VIP Expert VIP Expert
VIP Expert

@ivan.martin yes this possible and straight forward. The end users receive an automatic push for 2FA after submitting their primary credentials to AD using the AnyConnect Client.

 

This link explains that scenario, this website also has links to the detailed steps to configure.

https://duo.com/docs/cisco#cisco-identity-services-engine-with-anyconnect

 

Hi Rob. Is a bit confuse because the documentation doesn't explain the case with ISE and FTD. I would like to see the config file of proxy authentication server, what doest it mention? (ad client, radius client, radius server auto?) 

I don't understand which part should we protect?

Do you have any documentation with this scenary?

Regards, Ivan. 

Kelvin-
Cisco Employee
Cisco Employee

Hi Ivan,

 

Yes, this is possible.

 

Please check out the following demonstrations as there are a few ways to achieve this.

https://wp.me/paw7qP-ZE 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers