FTD RA VPN with ISE and DUO MFA

Hi all,

We are trying to implemente Meraki VPN and FTD RA VPN with ISE and also add DUO MFA , now reviewing the documentation for integration with DUO it says you need to add DUO as external radius Server so that it acts as authentication proxy, does DUO MFA edition requires authentication proxy and local server where PAC file is posted.

Also , it is not clear whether we need to add FTD RA VPN or Cisco ISE with DUO on DUO portal

Workflow is

user->FTD/Meraki VPN->ISE->DUO auth proxy->AD

Above is the general workflow when using RA VPN with ISE and DUO , does it always needs auth proxy ? or there are some alternates using radius token, what is the delay at which user will receive the code on their cell phone

Please let me know if there is any document or suggestions as in some forums DUO mentions to enrol FTD and in some Cisco ISE but my objective is to integrate with ISE and also needs to ensure whether auth proxy is needed or not.

Regards,
Sam

Hey Guys,

Can someone provide some guidance.

Regards,
Sam

Hi Sameer, thanks for sharing your question here! You’ve provided a good amount of detail in your post along with the specific questions you’d like answered. This is a bit beyond my own personal ability and expertise to help though, so I’d recommend contacting Duo Support as a start. They’ll be able to assist much faster with this. Please be sure to link them to this post for more context to save you from retyping all of this info :slight_smile: