How to Install Duo Security 2FA for Cisco ASA SSL VPN (Primary Configuration)

[Narrator] Hello, I'm Matt from Duo Security.

In this video, I'm going to show you how to protect your Cisco ASA SSL VPN logins with Duo.

During the setup process, you'll use the Cisco Adaptive Security Device Manager, or ASDM.

Before watching this video, be sure to reference the documentation for installing this configuration at duo.com/docs/cisco.

Note that this configuration supports inline self-service enrollment and the Duo Prompt.

Our alternate RADIUS-based Cisco configuration offers additional features including configurable failmodes, IP address-based policies and autopush authentication, but does not support the Duo Prompt.

Read about that configuration at duo.com/docs/cisco-alt.

First, make sure that Duo is compatible with your Cisco ASA device.

We support ASA firmware version 8.3 or later.

You can check which version of the ASA firmware your device is using by logging into the ASDM interface.

Your firmware version will be listed in the Device Information box next to ASA Version.

In addition, you must have a working primary authentication configuration for your SSL VPN users, such as LDAP authentication to Active Directory.

(light music) To get started with the installation process, log in to the Duo Admin Panel.

In the Admin Panel, click Applications.

Then click Protect an Application.

Type in “cisco”.

Next to the entry for Cisco SSL VPN, click Protect this Application, which takes you to your new application's Properties page.

At the top of the page, click the link to download the Duo Cisco zip package.

Note that this file contains information specific to your application.

Unzip it somewhere convenient and easy to access, like your desktop.

Then click the link to open the Duo for Cisco documentation.

Keep both the documentation and Properties pages open as you continue through the setup process.

After creating the application in the Duo Admin Panel and downloading the zip package, you need to modify the sign-in page for your VPN.

Log on to the Cisco ASDM.

Click the Configuration tab and then click Remote Access VPN in the left menu.

Navigate to Clientless SSL VPN Access, Portal, Web Contents.

Click Import.

In the Source section, select Local Computer, and click Browse Local Files.

Locate the Duo-Cisco-[VersionNumber].js file you extracted from the zip package.

After you select the file, it will appear in the Web Content Path box.

In the Destination section, under Require authentication to access its content?, select the radio button next to No.

Click Import Now.

Navigate to Clientless SSL VPN Access, Portal, Customization.

Select the Customization Object you want to modify.

For this video, we will use the default customization template.

Click Edit.

In the outline menu on the left, under Logon Page, click Title Panel.

Copy the string provided in step nine of the Modify the sign-in page section of the Duo Cisco documentation and paste it in the text box.

Replace “X” with the file version you downloaded.

In this case, it is “6”.

Click OK, then click Apply.

Now you need to add the Duo LDAP server.

Navigate to AAA/Local Users, AAA Server Groups.

In the AAA Server Groups section at the top, click Add.

In the AAA Server Group field, type in Duo-LDAP.

In the Protocol dropdown, select LDAP.

Newer versions of the ASA firmware require you to provide a realm-id.

In this example, we will use “1”.

Click OK.

Select the Duo-LDAP group you just added.

In the Servers in the Selected Group section, click Add.

In the Interface Name dropdown, choose your external interface.

It may be named outside.

In the Server Name or IP Address field, paste the API hostname from your application's Properties page in the Duo Admin Panel.

Set the Timeout to 60 seconds.

This allows your users enough time during login to respond to the Duo two-factor request.

Check Enable LDAP over SSL.

Set Server Type to Detect Automatically/Use Generic Type.

In the Base DN field, enter dc= then paste your integration key from the application's Properties page in the Duo Admin Panel.

After that, type ,dc=duosecurity,dc=com

Set Scope to One level beneath the Base DN.

In the Naming Attributes field, type cn.

In the Login DN field, copy and paste the information from the Base DN field you entered above.

In the Login Password field, paste your application's secret key from the Properties page in the Duo Admin Panel.

Click OK, then click Apply.

Now configure the Duo LDAP server.

In the left sidebar, navigate to Clientless SSL VPN Access, Connection Profiles.

Under Connection Profiles, select the connection profile you want to modify.

For this video, we will use the DefaultWEBVPNGroup.

Click Edit.

In the left menu, under Advanced, select Secondary Authentication.

Select Duo-LDAP in the Server Group list.

Uncheck the Use LOCAL if Server Group fails box.

Check the box for Use primary username.

Click OK, then click Apply.

If any of your users log in through desktop or mobile AnyConnect clients, you'll need to increase the AnyConnect authentication timeout from the default 12 seconds, so that users have enough time to use Duo Push or phone callback.

In the left sidebar, navigate to Network (Client) Access, AnyConnect Client Profile.

Select your AnyConnect client profile.

Click Edit.

In the left menu, navigate to Preferences (Part 2).

Scroll to the bottom of the page and change the Authentication Timeout (seconds) setting to 60.

Click OK, then click Apply.

With everything configured, it is now time to test your setup.

In a web browser, navigate to your Cisco ASA SSL VPN service URL.

Enter your username and password.

After you complete primary authentication, the Duo Prompt appears.

Using this prompt, users can enroll in Duo or complete two-factor authentication.

Since this user has already been enrolled in Duo, you can select Send Me a Push, Call Me, or Enter a Passcode.

Select Send Me a Push to send a Duo push notification to your smartphone.

On your phone, open the notification, tap the green button to accept, and you're logged in.

Note that when using the AnyConnect client, users will see a second password field.

This field accepts the name of a Duo factor, such as push or phone, or a Duo passcode.

In addition, the AnyConnect client will not update to the increased 60 second timeout until a successful authentication is made.

It is recommended that you use a passcode for your second factor to complete your first authentication after updating the AnyConnect timeout.

You've successfully set up Duo two-factor authentication for your Cisco ASA SSL VPN.
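
An added example, not part of the video or of Duo's documentation: a Python check that reads an ASA configuration and reports where the Duo-LDAP server and secondary authentication settings differ from the values given in this walkthrough. The sample CLI is constructed and assumes the ASDM fields map to the standard ASA `aaa-server` and `tunnel-group` commands; the API hostname and integration key are placeholders.

```python
import re

# Constructed sample, not from the video. Assumes the ASDM steps map to this ASA
# CLI; here the timeout was left unset and the LOCAL fallback box left checked.
SAMPLE = """\
aaa-server Duo-LDAP protocol ldap
aaa-server Duo-LDAP (outside) host api-XXXXXXXX.duosecurity.com
 ldap-base-dn dc=DIXXXXXXXXXXXXXXXXXX,dc=duosecurity,dc=com
 ldap-scope onelevel
 ldap-naming-attribute cn
 ldap-login-dn dc=DIXXXXXXXXXXXXXXXXXX,dc=duosecurity,dc=com
 ldap-over-ssl enable
tunnel-group DefaultWEBVPNGroup general-attributes
 secondary-authentication-server-group Duo-LDAP LOCAL use-primary-username
"""

def blocks(config):
    """Group indented sub-commands under the top-level line that owns them."""
    out, head = {}, None
    for line in config.splitlines():
        if line.strip() and not line.startswith(" "):
            head = line.strip()
            out[head] = {}
        elif line.strip() and head:
            key, _, val = line.strip().partition(" ")
            out[head][key] = val
    return out

def audit(config, group="Duo-LDAP"):
    """Return the settings that differ from the ones the walkthrough specifies."""
    cfg, findings = blocks(config), []
    srv = next((v for k, v in cfg.items()
                if k.startswith(f"aaa-server {group} (") and " host " in k), None)
    if srv is None:
        return [f"no server in AAA group {group}"]
    want = {"timeout": "60", "ldap-over-ssl": "enable",
            "ldap-scope": "onelevel", "ldap-naming-attribute": "cn"}
    findings += [f"{k} should be {v!r}, found {srv.get(k)!r}"
                 for k, v in want.items() if srv.get(k) != v]
    base = srv.get("ldap-base-dn", "")
    dn_ok = re.fullmatch(r"dc=[^,\s]+,\s*dc=duosecurity,\s*dc=com", base)
    if not dn_ok or srv.get("ldap-login-dn") != base:
        findings.append("Base DN and Login DN must both be dc=<integration key>,dc=duosecurity,dc=com")
    for head, sub in cfg.items():
        sec = sub.get("secondary-authentication-server-group", "").split()
        if head.startswith("tunnel-group ") and sec[:1] == [group]:
            if "LOCAL" in sec:
                findings.append(f"{head.split()[1]}: falls back to LOCAL if {group} fails")
            if "use-primary-username" not in sec:
                findings.append(f"{head.split()[1]}: secondary auth does not reuse the primary username")
    return findings
```

Calling `audit()` on the text of a saved running configuration returns an empty list when every checked setting matches the walkthrough.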