Primary and Duo secondary authentication occur at the identity provider, not at the ASA itself. This deployment option features Duo Single Sign-On, our cloud-hosted SAML 2.0 identity provider. The SAML VPN deployment features inline enrollment and authentication in the Duo Universal Prompt for both web-based VPN logins and AnyConnect 4.6+ client logins.

The AnyConnect RADIUS configuration does not feature the interactive Duo Prompt for web-based logins, but that configuration does capture client IP information for use with Duo policies, such as geolocation and authorized networks, and offers configurable fail mode. This integration expressly supports Cisco ASA VPN and is not guaranteed to work with any other VPN solution.

There is no configurable fail mode for LDAPS connections, so if your device cannot contact Duo's service your users won't be able to log in with Duo. LDAPS authentications do not report a client IP address when the AnyConnect client is used. Your ASA device makes a direct connection to Duo's cloud service using LDAPS. This Duo ASA SSL VPN configuration supports inline self-service enrollment and the Duo Prompt for web-based VPN logins, and push, phone call, or passcode authentication for AnyConnect desktop and mobile client connections that use SSL encryption.

Please visit the article Guide to end of life for the Duo LDAP cloud service (LDAPS) used to provide 2FA for Cisco ASA, Juniper Networks Secure Access, and Pulse Secure Connect Secure SSL VPN for further details, and review the Duo End of Sale, Last Date of Support, and End of Life Policy. See the "Related" links to the left to explore more RADIUS configurations.
We recommend you deploy Duo Single Sign-On for Cisco ASA with AnyConnect to protect Cisco ASA with Duo Single Sign-On, our cloud-hosted identity provider featuring Duo Central and the Duo Universal Prompt. Another alternative to direct LDAPS connections is adding Duo authentication to Cisco ASA using RADIUS and the Duo Authentication Proxy, for example, RADIUS with Automatic Push for Cisco ASA.

Customers may not create new Cisco ASA SSL VPN applications after September 7, 2023. Direct LDAP connectivity to Duo for Cisco ASA will reach end of life on March 30, 2024.