Cisco ISE and Duo Authentication Proxy

Hello all,

I’m writing this post because I have troubles with integrating RADIUS Cisco ISE and DUO Authentication Proxy. I followed the official guide.

I’d also have to point out that in my infrastructure the [radius_client] and [radius_server_auto] are the same device. Cisco ISE.
For this scenario to work, additionally I had to define Network Device in Cisco ISE (Authentication-> Network Resources-> Network Devices).

For this test I have defined user identity that is authenticated against Active Directory.

indent preformatted text by 4 spaces[DuoForwardServer (UDP)] Sending request from [Cisco ISE IP] to radius_server_auto
[DuoForwardServer (UDP)] Received new request id 8 from ([Cisco ISE IP], 48515)
[DuoForwardServer (UDP)] (([Cisco ISE IP], 48515), duoUser, 8): login attempt for username u’duoUser’
[DuoForwardServer (UDP)] Sending request for user u’duoUser’ to ([Cisco ISE IP], 1812) with id 171
[RadiusClient (UDP)] Got response for id 171 from (, 1812); code 3
[RadiusClient (UDP)] (([Cisco ISE IP], 48515), duoUser, 8): Primary credentials rejected - No reply message in packet
[RadiusClient (UDP)] Sending request for user u’duoUser’ to ([Cisco ISE IP], 1812) with id 189
[RadiusClient (UDP)] Got response for id 189 from ([Cisco ISE IP], 1812); code 3
[RadiusClient (UDP)] (([Cisco ISE IP], 48515), duoUser, 8): Primary credentials rejected - No reply message in packet
[RadiusClient (UDP)] (([Cisco ISE IP], 48515), duoUser, 8): Returning response code 3: AccessReject
[RadiusClient (UDP)] (([Cisco ISE IP], 48515), duoUser, 8): Sending response

On the Cisco ISE the log says only to check the External RADIUS logs.

Do you have any idea where I might have a problem?

Thank you.

Hey @dariotmmk

Looking at this log, I noticed it says “No reply message in packet.” Give the steps in this article a try and see if that works for you?

FYI usually there will be some sort of message after “Primary credentials rejected” that gives a clue as to why/what’s going on. I recommend bookmarking this guide on how to interpret and troubleshoot Duo Authentication Proxy debug logs as it is v. helpful in figuring things out!