![]() ![]() Make sure you check the box “use primary username (Hide secondary username on login page)”. Select the newly created server group DuoDemo. ![]() Click the Advanced Drop-down arrow and click “Secondary Authentication” Select the desired profile that you would like to modify and click “edit”. Now Navigate using the “Client SSL VPN Access” drop-down arrow to “Connection Profiles”. Next we will copy the secret key from the Duo Security Admin Panel into the “Login Password” field. Now copy the Base DN and the Login DN from the Duo Security Cisco documentation. Next select the checkbox to “enable LDAP over SSL”. Now copy the “API Hostname” from the Duo Security Cisco documentation for the “Server Name”. Now highlight the newly created “AAA Server Group” and on the bottom right click “add” under “Servers in the selected group”. Select “LDAP” from the “protocol” drop-down and click ok. We’ll call the “AAA Server Group DuoDemo”. Create a new “AAA Server Group” by clicking “add”. Click the drop-down arrow for “AAA/Local Users” and select “AAA Server Groups”. Now we are going to add the Duo Security authentication service. ![]() In the “Text:” field we are going to copy the script provided in the Duo Security documentation. Click on the “Title Page” which is nested under the “Logon Page”. We are going to click on the default customization object and click edit. Now click on “Customization” and select the “customization object” that you would like to modify. Under “Require authentication to access its content?” select “No” and confirm the Web Content Path reads “DUO-Cisco-v1.js”. ![]() Click “Browse Files” and select the “Duo Cisco Package” downloaded earlier. Select “Web Contents” and then pick “Import”. Click the drop-down arrows for “Clientless SSL VPN Access” and then “Portal”. Once you are logged in, select the “configuration” tab at the top of the page, then on the “Remote Access VPN” tab. Now, let’s log into our Cisco ASA ASDM and configure the connection we’re protecting with Duo Security. Then click on the “Cisco Integration Instructions”, which gives step-by-step directions on how to set up Duo on your Cisco VPN, as well as the provided settings for “LDAP Server Name”, “Base DN” and “Login DN” that will be used for the integration. Extract the downloaded zip file so that the file is ready for use. You’ll be directed to a page to “download the Duo Cisco package”, which you can do by clicking the link at the top of the page. You’ve created the VPN integration in Duo, so now we need to configure it. Then click the “Add Integration” button to save it. Click on the “New Integration” button and set the “Integration Type” to “Cisco SSL VPN” I’ll give it a name of “Duo Demo” for this tutorial. Once there, click on the “Integrations” tab in the left column. To get started, the first step is to log into your web-based Duo Admin Interface. Here's the minute by minute rundown of how to add Duo two-factor authentication to your Cisco VPN First Minute: The video demonstrates how to use Duo’s drop-in integration package to secure a Cisco ASA VPN. How easy? Our latest demo video walks you through installation and setup in less than 5 minutes. Industry news JSteve Fawcett Video Demonstration: Add Two-Factor Authentication to Your Cisco VPN in Only 5 Minutesĭuo makes it easy to add strong two-factor authentication to your Cisco VPN. ![]()
0 Comments
Leave a Reply. |