SonicWALL SRA 4200 Duo with NetExtender

WarmMixture
Level 1

Hello. We’re trying to set up Duo to integrate with our SonicWALL SRA 4200, and so far it is successful with the primary configuration using [radius_server_iframe]; however, I’m looking to have this work with NetExtender as well, but that doesn’t seem to be working when using the SonicWALL SRA alternative configuration at SonicWALL SRA or SMA 100 Series SSL with RADIUS Auto Push for VPN Client Access | Duo Security and [radius_server_auto].

Our configuration is using [ad_client] for preauthentication, and the strange thing is that if a user tries to log in with either NetExtender or the SSL VPN SRA webpage using the [radius_server_auto] configuration, it will send a push notification to the user’s Duo Mobile app but nothing happens after that point. Before timing out, the user will receive one more push notification, wait a while, then the SRA webpage or NetExtender will return an error “Login server unreachable. Please contact your administrator or try again later.”

According to the authproxy.log it shows preauth was successful then it triggered a push notification. Then Duo authentication returned ‘allow’: ‘Success. Logging you in…’ and it sent the response. The log pretty much stops at that point but then it repeats this process for that second Duo push. The only error I see here is between the auth and preauth stage with the following line:

[HTTPPageGetter (TLSMemoryBIOProtocol),client] Invalid single ip: hostname.domain.name.

(Note: “hostname.domain.name” is not the actual data in the log, I just changed it here for privacy.)

I learned this was picked up from the SRA’s configured hostname under Network > DNS > SRA Appliance Hostname, and it actually didn’t matter whether I configured it to be a resolvable hostname or not. I even went so far as to change the hostname to the SRA’s IP address, which gave me a different result in the log to the effect of “valid IP” but like I said, no change in the overall behavior.

I also checked the connectivity_tool.log but it just reports no issues or connectivity problems detected.

What am I doing wrong?
