Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
542
Views
0
Helpful
2
Replies

[error] The Auth Proxy was not able to validate the provided API credentials

Go to solution
byungkook
Beginner
Beginner

‎05-10-2023 02:39 PM

I’m trying to setup Cisco ASA SSL VPN protection using [radius_server_duo_only]

This is the configuration that I want to validate.

[radius_server_duo_only]
ikey=XXXXXXXXXXXXXXXX
skey=XXXXXXXXXXXXXXXXXXXXXXXX
api_host=■■■■■■■■■■■■■■■■■■■■■■■■■■■
failmode=safe
radius_ip_1=172.16.18.10
radius_secret_1=thisisradiussecret

I get below error when I validate from Authentication Proxy Manager installed on Windows 2019 server.

[error] The Auth Proxy was not able to validate the provided API credentials.
[error] Check that the credentials provided for ■■■■■■■■■■■■■■■■■■■■■■■■■■ and ikey XXXXXXXXXXXX are correct.
[debug] Exception: 40301: Access forbidden
[info] The Auth Proxy will be able to accept connections on port 1812 on all interfaces

I verified TLS/SSL connection to api server following below article .

https://help.duo.com/s/article/1336?language=en_US

Browser, telnet, and Invoke-WebRequest test all passed.

I copied Integration key and secret key and API hostname from Cisco ASA SSL VPN application page.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
byungkook
Beginner
Beginner
In response to DuoKristina

‎05-12-2023 03:07 PM

I assumed it would be “Cisco ASA SSL VPN” because I was trying to protect Cisco AnyConnect login.

After protecting Cisco Radius VPN, and appling new keys, protection is working now.

Thank you very much for the guidance.

Best regards,

View solution in original post

0 Helpful
2 Replies 2

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎05-12-2023 08:28 AM

Which Duo application did you create for this? You mention a “Cisco ASA SSL VPN” application but if you review our RADIUS ASA instructions they say to create a “Cisco RADIUS VPN” application.

Duo, not DUO.
0 Helpful

Go to solution
byungkook
Beginner
Beginner
In response to DuoKristina

‎05-12-2023 03:07 PM

I assumed it would be “Cisco ASA SSL VPN” because I was trying to protect Cisco AnyConnect login.

After protecting Cisco Radius VPN, and appling new keys, protection is working now.

Thank you very much for the guidance.

Best regards,

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents