А couple of weeks ago I received a notification that the EOL for Duo LDAP cloud service (LDAPS) is approaching.
I found a migration path that solves the problem on the site. RADIUS 2FA for Cisco ASA SSL VPNs | Duo Security
but I have a couple of questions that are not very clear to me after reading and watching the video.
Is radius a necessary step?
In the video example the radius is used as a protocol, in the ASA setting it is selected in the drop-down menu for AAA server group.
If my environment don’t have radius, is AD enough?
additional: the part that confuses me
“This Duo proxy server will receive incoming RADIUS requests from your Cisco ASA SSL VPN, contact your existing local LDAP/AD or RADIUS server to perform primary authentication if necessary, and then contact Duo’s cloud service for secondary authentication.”