Duo Integration with ISE for TACACS+ Device Administration with AD Users

Hi guys,

I need to know if is possible use DUO with ISE connected tu Azure AD to give access to our Network equipment using Tacacs+

i already test using duo with duo proxy+ise+ad on-premise, but now i need use ise with azure ad, the idea is not use a duo proxy

Thanks

Hi @Patricio_Mansilla,

As far as I know, the only way to integrate ISE with Duo is through Radius and hence through the authentication proxy.

This is also stated in the Duo documentation:

To integrate Duo with your Cisco ISE, you will need to install a local Duo proxy service on a machine within your network. This Duo proxy server will receive incoming RADIUS requests from your Cisco ISE, contact your existing local LDAP/AD or RADIUS server to perform primary authentication, and then contact Duo’s cloud service for secondary authentication.

HTH
Antony