Solved: Re: [error] The Auth Proxy was not able to validate the provided API credentials

byungkook · ‎05-10-2023

I’m trying to setup Cisco ASA SSL VPN protection using [radius_server_duo_only]

This is the configuration that I want to validate.

[radius_server_duo_only]
ikey=XXXXXXXXXXXXXXXX
skey=XXXXXXXXXXXXXXXXXXXXXXXX
api_host=■■■■■■■■■■■■■■■■■■■■■■■■■■■
failmode=safe
radius_ip_1=172.16.18.10
radius_secret_1=thisisradiussecret

I get below error when I validate from Authentication Proxy Manager installed on Windows 2019 server.

[error] The Auth Proxy was not able to validate the provided API credentials.
[error] Check that the credentials provided for ■■■■■■■■■■■■■■■■■■■■■■■■■■ and ikey XXXXXXXXXXXX are correct.
[debug] Exception: 40301: Access forbidden
[info] The Auth Proxy will be able to accept connections on port 1812 on all interfaces

I verified TLS/SSL connection to api server following below article .

https://help.duo.com/s/article/1336?language=en_US

Browser, telnet, and Invoke-WebRequest test all passed.

I copied Integration key and secret key and API hostname from Cisco ASA SSL VPN application page.

byungkook · ‎05-12-2023

I assumed it would be “Cisco ASA SSL VPN” because I was trying to protect Cisco AnyConnect login.

After protecting Cisco Radius VPN, and appling new keys, protection is working now.

Thank you very much for the guidance.

Best regards,

View solution in original post

DuoKristina · ‎05-12-2023

Which Duo application did you create for this? You mention a “Cisco ASA SSL VPN” application but if you review our RADIUS ASA instructions they say to create a “Cisco RADIUS VPN” application.

Duo, not DUO.

byungkook · ‎05-12-2023

I assumed it would be “Cisco ASA SSL VPN” because I was trying to protect Cisco AnyConnect login.

After protecting Cisco Radius VPN, and appling new keys, protection is working now.

Thank you very much for the guidance.

Best regards,