How to Install Duo Security 2FA for Cisco ASA SSL VPN (Primary Configuration)

[Narrator] Hi, I'm Matt from Duo Security.

In this video, I am going to show you how to protect your Cisco ASA SSL VPN logins with Duo.

During the setup process, you will use the Cisco Adaptive Security Device Manager, or ASDM.

Before watching this video, be sure to reference the documentation for installing this configuration at duo.com/docs/cisco.

Note that this configuration supports inline self-service enrollment and the Duo Prompt.

Our alternate RADIUS-based Cisco configuration offers additional features including configurable failmodes, IP address-based policies and autopush authentication, but does not support the Duo Prompt.

Read about that configuration at duo.com/docs/cisco-alt.

First, make sure that Duo is compatible with your Cisco ASA device.

We support ASA firmware version 8.3 or later.

You can check which version of the ASA firmware your device is using by logging into the ASDM interface.

Your firmware version will be listed in the Device Information box next to ASA Version.

In addition, you must have a working primary authentication configuration for your SSL VPN users, such as LDAP authentication to Active Directory.

(light music) To get started with the installation process, log in to your Duo Admin Panel.

In the Admin Panel, click Applications.

Then click Protect an Application.

Type in “cisco”.

Next to the entry for Cisco SSL VPN, click Protect this Application, which takes you to your new application's Properties page.

At the top of this page, click the link to download the Duo Cisco zip package.

Note that this file contains information specific to your application.

Unzip it somewhere convenient and easy to access, like your desktop.

Then click the link to open the Duo for Cisco documentation.

Keep both the documentation and Properties pages open as you continue through the setup process.

After creating the application in the Duo Admin Panel and downloading the zip package, you need to modify the sign-in page for your VPN.

Log on to your Cisco ASDM.

Click the Configuration tab and then click Remote Access VPN in the left menu.

Navigate to Clientless SSL VPN Access, Portal, Web Contents.

Click Import.

In the Source section, select Local Computer, and click Browse Local Files.

Locate the Duo-Cisco-[VersionNumber].js file you extracted from the zip package.

After you select the file, it will appear in the Web Content Path box.

In the Destination section, under Require authentication to access its content?, select the radio button next to No.

Click Import Now.

Navigate to Clientless SSL VPN Access, Portal, Customization.

Select the Customization Object you want to modify.

For this video, we will use the default customization template.

Click Edit.

In the outline menu on the left, under Logon Page, click Title Panel.

Copy the string provided in step nine of the Modify the sign-in page section of the Duo Cisco documentation and paste it in the text box.

Replace “X” with the file version you downloaded.

In this case, it is “6”.

Click OK, then click Apply.

Now you need to add the Duo LDAP server.

Navigate to AAA/Local Users, AAA Server Groups.

In the AAA Server Groups section at the top, click Add.

In the AAA Server Group field, type in Duo-LDAP.

In the Protocol dropdown, select LDAP.

Newer versions of the ASA firmware require you to provide a realm-id.

In this example, we will use “1”.

Click OK.

Select the Duo-LDAP group you just added.

In the Servers in the Selected Group section, click Add.

In the Interface Name dropdown, choose your external interface.

It may be named outside.

In the Server Name or IP Address field, paste the API hostname from your application's Properties page in the Duo Admin Panel.

Set the Timeout to 60 seconds.

This will allow your users enough time during login to respond to the Duo two-factor request.

Check Enable LDAP over SSL.

Set Server Type to Detect Automatically/Use Generic Type.

In the Base DN field, enter dc= then paste your integration key from the application's Properties page in the Duo Admin Panel.

After that, type ,dc=duosecurity,dc=com

Set Scope to One level beneath the Base DN.

In the Naming Attributes field, type cn.

In the Login DN field, copy and paste the information from the Base DN field you entered above.

In the Login Password field, paste your application's secret key from the Properties page in the Duo Admin Panel.

Click OK, then click Apply.

Now configure the Duo LDAP server.

In the left sidebar, navigate to Clientless SSL VPN Access, Connection Profiles.

Under Connection Profiles, select the connection profile you want to modify.

For this video, we will use the DefaultWEBVPNGroup.

Click Edit.

In the left menu, under Advanced, select Secondary Authentication.

Select Duo-LDAP in the Server Group list.

Uncheck the Use LOCAL if Server Group fails box.

Check the box for Use primary username.

Click OK, then click Apply.

If any of your users log in through desktop or mobile AnyConnect clients, you'll need to increase the AnyConnect authentication timeout from the default 12 seconds, so that users have enough time to use Duo Push or phone callback.

In the left sidebar, navigate to Network (Client) Access, AnyConnect Client Profile.

Select your AnyConnect client profile.

Click Edit.

In the left menu, navigate to Preferences (Part 2).

Scroll to the bottom of the page and change the Authentication Timeout (seconds) setting to 60.

Click OK, then click Apply.

With everything configured, it is now time to test your setup.

In a web browser, navigate to your Cisco ASA SSL VPN service URL.

Enter your username and password.

After you complete primary authentication, the Duo Prompt appears.

Using this prompt, users can enroll in Duo or complete two-factor authentication.

Since this user has already been enrolled in Duo, you can select Send Me a Push, Call Me, or Enter a Passcode.

Select Send Me a Push to send a Duo push notification to your smartphone.

On your phone, open the notification, tap the green button to accept, and you're logged in.

Note that when using the AnyConnect client, users will see a second password field.

This field accepts the name of a Duo factor, such as push or phone, or a Duo passcode.

In addition, the AnyConnect client will not update to the increased 60 second timeout until a successful authentication is made.

It is recommended that you use a passcode for your second factor to complete your first authentication after updating the AnyConnect timeout.

You have successfully set up Duo two-factor authentication for your Cisco ASA SSL VPN.
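
A configuration check for the settings in this walkthrough, as an added example that is not part of the video or of Duo's documentation: it parses a running-config excerpt and reports where the Duo-LDAP server or the connection profile departs from the narrated values. It assumes the ASA CLI renders the ASDM fields as the `aaa-server` and `tunnel-group` sub-commands shown; the sample config is constructed, and its API hostname and integration key are placeholders.

```python
import re
# Constructed sample of ASA running-config lines; host and integration key are placeholders.
SAMPLE_CONFIG = """\
aaa-server Duo-LDAP protocol ldap
aaa-server Duo-LDAP (outside) host api-XXXXXXXX.duosecurity.com
 timeout 60
 ldap-base-dn dc=DIXXXXXXXXXXXXXXXXXX,dc=duosecurity,dc=com
 ldap-scope onelevel
 ldap-naming-attribute cn
 ldap-login-dn dc=DIXXXXXXXXXXXXXXXXXX,dc=duosecurity,dc=com
 ldap-over-ssl enable
tunnel-group DefaultWEBVPNGroup general-attributes
 secondary-authentication-server-group Duo-LDAP use-primary-username
"""
EXPECTED = {"timeout": "60", "ldap-over-ssl": "enable",
            "ldap-scope": "onelevel", "ldap-naming-attribute": "cn"}
SECONDARY = "secondary-authentication-server-group"

def parse_blocks(config):
    """Map each top-level line to a {keyword: value} dict of its indented sub-commands."""
    blocks, current = {}, {}
    for line in filter(str.strip, config.splitlines()):
        if not line.startswith(" "):
            current = blocks.setdefault(line.strip(), {})
        else:
            key, _, value = line.strip().partition(" ")
            current[key] = value.strip()
    return blocks

def audit_duo_ldap(config, group="Duo-LDAP"):
    """Return findings where the config departs from the walkthrough's settings."""
    blocks, findings = parse_blocks(config), []
    host = next((v for k, v in blocks.items()
                 if re.match(rf"aaa-server {re.escape(group)} \(\S+\) host ", k)), None)
    if host is None:
        return [f"no LDAP server defined in group {group}"]
    for key, want in EXPECTED.items():
        if host.get(key) != want:
            findings.append(f"{key} is {host.get(key)!r}, expected {want!r}")
    base = host.get("ldap-base-dn", "")
    if not re.fullmatch(r"dc=[^,]+,dc=duosecurity,dc=com", base) or host.get("ldap-login-dn") != base:
        findings.append("base/login DN must both be dc=<integration key>,dc=duosecurity,dc=com")
    opts = [o for o in (v.get(SECONDARY, "").split() for v in blocks.values()) if group in o]
    if not opts:
        findings.append(f"no connection profile uses {group} for secondary authentication")
    if any("LOCAL" in o for o in opts):
        findings.append("secondary authentication falls back to LOCAL")
    if any("use-primary-username" not in o for o in opts):
        findings.append("use-primary-username is not set")
    return findings
```

Calling `audit_duo_ldap(SAMPLE_CONFIG)` returns an empty list; a profile that still lists LOCAL after the server group is reported, since that fallback lets a login proceed without the Duo second factor when the Duo server is unreachable.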