Using DUO Proxy + AD Successfully

GOAL = Use Cisco AnyConnect Secure Mobility Clients for MAC & WIN

RATIONALE = Windows 10/11 Built-in VPN Client is notoriously flaky (adapter configs, etc.)


BEFORE

  • Windows 10/11 Built-in VPN Client → myvpn.mycompany.com → non-cisco router → DUO Proxy (AD Auth) → DUO Mobile Prompt → Network access successful

  • MAC OSX VPN L2TP Client → myvpn.mycompany.com → non-cisco router → DUO Proxy (AD Auth) → DUO Mobile Prompt → Network access successful

AFTER

  • Cisco AnyConnect Secure Mobility Client (MAC & WIN) → myvpn.mycompany.com → Cisco RVXXX router → No valid certificates available for authentication, Connection attempt has failed

  • Using default router cert for “SSL VPN” config

CURRENT WORKAROUND MODE

  • Windows 10/11 Built-in VPN Client → myvpn.mycompany.com → non-cisco router → DUO Proxy (AD Auth) → DUO Mobile Prompt → Network access successful

  • MAC Cisco AnyConnect Secure Mobility Client → IP:port → Cisco RVXXX router → SSL VPN → Network access successful (No DUO)

ASSUMPTIONS/FINDINGS

  • Uploaded certs required for primary and backup VPN servers (on-prem)

  • I am so close, I think; Client-to-Site tunnel has also been configured with correct CERT, tested, No valid certificates available for authentication, Connection attempt has failed

  • I do have a question about Local (uploaded) vs. Remote CA Certificate (chose from where we purchased) - still no luck