Hello all,
I’m writing this post because I have troubles with integrating RADIUS Cisco ISE and DUO Authentication Proxy. I followed the official guide.
I’d also have to point out that in my infrastructure the [radius_client] and [radius_server_auto] are the same device. Cisco ISE.
For this scenario to work, additionally I had to define Network Device in Cisco ISE (Authentication-> Network Resources-> Network Devices).
For this test I have defined user identity that is authenticated against Active Directory.
indent preformatted text by 4 spaces[DuoForwardServer (UDP)] Sending request from [Cisco ISE IP] to radius_server_auto
[DuoForwardServer (UDP)] Received new request id 8 from ([Cisco ISE IP], 48515)
[DuoForwardServer (UDP)] (([Cisco ISE IP], 48515), duoUser, 8): login attempt for username u’duoUser’
[DuoForwardServer (UDP)] Sending request for user u’duoUser’ to ([Cisco ISE IP], 1812) with id 171
[RadiusClient (UDP)] Got response for id 171 from (, 1812); code 3
[RadiusClient (UDP)] (([Cisco ISE IP], 48515), duoUser, 8): Primary credentials rejected - No reply message in packet
[RadiusClient (UDP)] Sending request for user u’duoUser’ to ([Cisco ISE IP], 1812) with id 189
[RadiusClient (UDP)] Got response for id 189 from ([Cisco ISE IP], 1812); code 3
[RadiusClient (UDP)] (([Cisco ISE IP], 48515), duoUser, 8): Primary credentials rejected - No reply message in packet
[RadiusClient (UDP)] (([Cisco ISE IP], 48515), duoUser, 8): Returning response code 3: AccessReject
[RadiusClient (UDP)] (([Cisco ISE IP], 48515), duoUser, 8): Sending response
On the Cisco ISE the log says only to check the External RADIUS logs.
Do you have any idea where I might have a problem?
Thank you.