Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1615
Views
0
Helpful
1
Replies

DUO Proxy and DAG with NAT

dorel1
Level 1
Level 1

‎10-25-2020 12:12 AM

Hi there,

I have a question,

DUO Proxy and DOU DAG can have NAT ?

Stage 1
ISE—>Firewall NAT—> DUO Proxy
ISE request 192.X.X.X—FW NAT–>IP 10.X.X.X DUO Proxy

Stage 2

User–>Firewall NAT—>DUO DAG
User request 192.X.X.X—>Firewall NAT—>Real IP 10.X.X.X DUO DAG.

I hope be clear.

Regards.

0 Helpful
1 Reply 1

Amy2
Level 5
Level 5

‎10-28-2020 08:41 AM

Hi @dorel,
For the Duo Authentication Proxy, as long as the traffic arrives to the Duo Authproxy on the expected IP (e.g., the IP that is configured in the config file) this should work fine. You would need to ensure the source IP does not change, however, as the Authproxy will not accept traffic from any IP it does not know about or that has not been configured in the config file.

For Duo Access Gateway, the DAG would normally be internet facing so there would be NATing in place between the clients and the DAG usually. As long as the networking is configured correctly this should be fine.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents