VPN remote access connections can use Duo as a second authentication factor (e.g. with push notifications from the mobile app). I am presenting a video showing how to use this configuration, as a continuation of the Cisco Duo Security for RDP sessions demo available here.
The components of the system used in the lab:
Cisco Firepower vFTD virtual appliance
Cisco Duo Security mobile app for MFA actions
Duo cloud for MFA provisioning
Cisco AnyConnect Secure Mobility client for VPN remote access
Grandmetric Labs Active Directory
Cisco Identity Services Engine for granular AAA policy building
Lab schema:
VPN remote access Multi-factor authentication live demo
You can also read more about a VPN MFA integration between Duo, Cisco ISE and ASA at a large e-commerce company, which we described on our blog in 2017. There you can read about the authentication flow and the HLD architecture.
Marcin Biały is a Network and Security Architect with over 14 years of experience and a Service Provider and Enterprise networking background. He used to work for large service providers, global vendors and integration services companies in Network Architect, Leading Architect and Technical Solution Manager positions. He has designed, implemented and supported dozens of large-scale projects and infrastructure migrations, solved hundreds of tickets and spent hours with CLIs and GUIs of many flavors. Marcin also holds industry-recognized certificates such as CCNP, CCNA, CCSI #35269, FCNSP #7207, FCNSA and more.