We are trying to implemente Meraki VPN and FTD RA VPN with ISE and also add DUO MFA , now reviewing the documentation for integration with DUO it says you need to add DUO as external radius Server so that it acts as authentication proxy, does DUO MFA edition requires authentication proxy and local server where PAC file is posted.
Also , it is not clear whether we need to add FTD RA VPN or Cisco ISE with DUO on DUO portal
user->FTD/Meraki VPN->ISE->DUO auth proxy->AD
Above is the general workflow when using RA VPN with ISE and DUO , does it always needs auth proxy ? or there are some alternates using radius token, what is the delay at which user will receive the code on their cell phone
Please let me know if there is any document or suggestions as in some forums DUO mentions to enrol FTD and in some Cisco ISE but my objective is to integrate with ISE and also needs to ensure whether auth proxy is needed or not.