Showing results for 
Search instead for 
Did you mean: 

Using Internal IPs in the Authorized Networks Policy

Level 1
Level 1

I was successful in using an internal IP range to grant access based off the Authorized networks policy on an application using RADIUS. However, we are looking at implementing this on an application we want to move to SSO. The documentation says some applications can use internal IPs, but some cant. Does anyone know if the Authorized Networks policy will work correctly with SSO if I use a private IP range?

2 Replies 2

Level 1
Level 1

my experience is no as the SSO from like Azure will always show the public ip of the client... what you have to ask is what is the ip that will be seen by the first SSO based application like example azure -very likely your public ip, then that is what DUO will also see.  I think the cases where it may work are like radius integration where you are integrating with radius and no DUO prompt is required... - also with Duo ADFS where you are doing local AD auth, you can mention in ADFS which networks you dont want to invoke DUO...

Cisco Employee
Cisco Employee

The other responder is correct. We're going to get the external or NATed IP from the client loading the Duo prompt in the browser.

Duo, not DUO.
Quick Links