Showing results for 
Search instead for 
Did you mean: 

DUO Auth Proxy failover

We have integrated our ISE with two DUO authentication proxies (for tacacs access to our switches). We configured a radius token object and added the DUO auth proxies primary and secondary. The timeout configured is 60 seconds with 3 attempts. When test by stopping the DUO auth proxy service on the primary server, the secondary does work but the user is experiencing delay in getting the push notification. 

Is this the correct setup or there is any recommended failover design when we have multiple duo auth proxy servers?.

2 Replies 2

You could do it via a load balancer.
Or shorter timeout and fewer failures before fail over...

Pulkit Mittal
Level 1
Level 1

From duo perspective, the design is okay, however, I would suggest checking with duo support for delay. The duo log file can tell you exactly how much the delay is and what could be the potential reason for it.

If you find this useful, please mark it helpful and accept the solution. 

Quick Links