05-10-2023 02:39 PM
I’m trying to setup Cisco ASA SSL VPN protection using [radius_server_duo_only]
This is the configuration that I want to validate.
[radius_server_duo_only]
ikey=XXXXXXXXXXXXXXXX
skey=XXXXXXXXXXXXXXXXXXXXXXXX
api_host=■■■■■■■■■■■■■■■■■■■■■■■■■■■
failmode=safe
radius_ip_1=172.16.18.10
radius_secret_1=thisisradiussecret
I get below error when I validate from Authentication Proxy Manager installed on Windows 2019 server.
[error] The Auth Proxy was not able to validate the provided API credentials.
[error] Check that the credentials provided for ■■■■■■■■■■■■■■■■■■■■■■■■■■ and ikey XXXXXXXXXXXX are correct.
[debug] Exception: 40301: Access forbidden
[info] The Auth Proxy will be able to accept connections on port 1812 on all interfaces
I verified TLS/SSL connection to api server following below article .
https://help.duo.com/s/article/1336?language=en_US
Browser, telnet, and Invoke-WebRequest test all passed.
I copied Integration key and secret key and API hostname from Cisco ASA SSL VPN application page.
Solved! Go to Solution.
05-12-2023 03:07 PM
I assumed it would be “Cisco ASA SSL VPN” because I was trying to protect Cisco AnyConnect login.
After protecting Cisco Radius VPN, and appling new keys, protection is working now.
Thank you very much for the guidance.
Best regards,
05-12-2023 08:28 AM
Which Duo application did you create for this? You mention a “Cisco ASA SSL VPN” application but if you review our RADIUS ASA instructions they say to create a “Cisco RADIUS VPN” application.
05-12-2023 03:07 PM
I assumed it would be “Cisco ASA SSL VPN” because I was trying to protect Cisco AnyConnect login.
After protecting Cisco Radius VPN, and appling new keys, protection is working now.
Thank you very much for the guidance.
Best regards,
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: