VPN and two-factor authentication


#1

Hi,
We are using MS VPN. But unfortunately it doesn’t support Passcodes with encrypted passwords (MSCHAPv2).
Now we a looking other SSL VPN solutions, that are supporting the Passcodes.
Which hardware VPN could you recommended?
Cisco
Juniper
Palo Alto
?

Thank you!


#2

Hi Exonix,

Apologies for the late reply!

If you’re still looking for a replacement VPN solution, I can make some suggestions…

Cisco ASA, Juniper/Pulse SA, Fortinet Fortigate, F5 Big IP, and PaloAlto are the big ones we see, with Cisco and Juniper/Pulse as the most popular.

We have native support for Cisco/Juniper in the Duo cloud service. Any other VPN type needs to send RADIUS requests to an on-premises Duo Authentication Proxy.

The first four VPN types I mentioned support the interactive web Duo Prompt for web VPN login. Of those, F5 supports it in their thick client too while the others just do an automatic push request to the user’s phone.

I personally like Cisco and Juniper for relative ease of deployment and the ability to chain primary and secondary authenticators. F5 also does chaining but is a little more difficult to set up. It’s quite full-featured once you have it working.

I hope this helps!