Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1841
Views
0
Helpful
2
Replies

Duo MFA with Cisco FTD and ISE

chatataridge
Level 1
Level 1

‎06-12-2020 08:45 AM

I have a customer with Cisco FTD firewalls who is using ISE to authenticate their SSL VPN clients. They are pushing a group-policy change from ISE to the Firewall upon successful authentication. My question is when we add DUO to the workflow, will the Duo Auth Proxy pass the radius pair from ISE to the Firewall to make the group-policy change?

Labels:
0 Helpful
2 Replies 2

thomas.busse
Level 1
Level 1

‎06-16-2020 11:54 PM

Hi Chatataridge, yes that is possible. I am terminating the VPN Clients in the default group policy with a VPN Filter “deny any” and then assigning the specific group-policy via authorization policy on ISE.

I guess when you configure the ISE as RADIUS clients in the Duo Proxy you will have to set the “pass_through_all=true” attribute for it to work.

Regards,
Thomas

0 Helpful

chatataridge
Level 1
Level 1
In response to thomas.busse

‎06-17-2020 08:18 AM

Thomas,

Thank you for your response.

Len Ledford

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents