
AnyConnect profile for cloud based AD

abhijith891
Level 1

Hi All,

 

So far, we are using an Always On VPN where users are authenticated against an AD inside the client network. Now we are planning to deploy some users who will be authenticated against a MS Azure AD on the cloud. Our requirement is to create an XML profile where internet access has to be provided before the user gets connected via AnyConnect since there will be a compliance test of the machine against MS Azure. So can someone please suggest what changes we should make to the XML profile? Screenshots of the existing profile have been enclosed for reference.

 

Also, should we make any other changes on the ASA firewall or the XML code?

 

PS: We are looking at a password-based authentication mechanism.

 

Regards.

 

 

1 Reply

Hi,

Let me start by saying that authentication isn't between Azure and the
client; instead, the ASA will proxy the authentication request to Azure. So
authentication with Azure will work even if the client doesn't have access to
it.

Now you can use dynamic split tunneling to exclude MS Azure from your VPN
traffic to allow direct communication between clients and Azure cloud for
other reasons (assuming you are tunneling all traffic).