03-18-2020 12:49 AM
Hi Team,
We are integrating ISE with DUO for remote access vpn use case.
As per DUO documentation (https://duo.com/docs/ciscoise-radius#change-the-authentication-policy) we need to configure DuoRADIUSSquence for policy in policy set. But after doing that, we can't see authorization policies for that policy. It just only shows count number.
It is bug? Ideally it should shows authentication and authorization policies for that main policy.
I am using ISE 2.6 with patch 5.
Kindly correct me if I am doing something wrong.
Solved! Go to Solution.
03-18-2020 11:26 PM
Thx a lot Greg for the link.
I found the answer for DUO integration with ISE Posture for VPN.
Basically we need to define DUO as external Radius server as mentioned in the DUO document. But we need to enable "On access-accept, proceed to authorization policy" under Advanced option for Radius Server Sequence. This will enable to configure authorization policy.
03-18-2020 10:45 PM
The example in that document is using ISE as RADIUS Proxy. When using this option, ISE only sends the request to the upstream RADIUS server (in this case the Duo Auth Proxy) and returns the response from that server to the originating RADIUS client. ISE has no control of the AuthC/AuthZ decisions, which is why there are no underlying AuthC or AuthZ Policies.
This is working as designed.
While that document provides good detail on the underlying integration and configuration of the Duo Auth Proxy, there are other options for inserting Duo into the flow. See the following document for another example in which ISE can provide more control.
DUO MFA with Cisco Anyconnect and ISE
Cheers,
Greg
03-18-2020 11:26 PM
Thx a lot Greg for the link.
I found the answer for DUO integration with ISE Posture for VPN.
Basically we need to define DUO as external Radius server as mentioned in the DUO document. But we need to enable "On access-accept, proceed to authorization policy" under Advanced option for Radius Server Sequence. This will enable to configure authorization policy.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide