04-16-2020 10:42 AM
We have set up the Duo Proxy server, and set up authentication from Cisco VPN ASA, when we test authentication to the Duo Proxy from the VPN profile we get error “authentication rejected: AAA Failure”
Looking at the log file the Duo Proxy server we see this error “There was a problem running the connectivity tool: Attempted to get the client for a non-server section”
I can only assume the Proxy config is incorrect in some way, but not sure?
Has anyone seen this?
04-17-2020 08:01 AM
It’s hard to say what is wrong without knowing what’s in your config file.
client
section configured for primary authentication, and a server
section for your ASA that uses the client
section (either because you explicitly specified it with the client=
option or because there is only one client
section so it is used by default)?04-17-2020 08:42 AM
Yes the config matches per the set up doc.
On the ASA VPN I can run a test to check the configuration there and keep getting the same error “authentication rejected: AAA Failure”
I do have debug turned on and after all the checks of the config is says this:
“There are no configuration problems”
So now I’m totally confused…
04-20-2020 06:20 AM
Sorry to hear that.
The output of the connectivity log is not the same thing as the Authentication Proxy’s own debug log. I suggest you enable debug logging on your Duo Authentication Proxy, test the auth from the ASA, and then open the authproxy.log
file on the proxy server to see what output was captured for the incoming request from the ASA and the subsequent response during that authentication test.
If you don’t see any authentication activity in the Duo proxy’s authproxy.log
, then there is likely an issue preventing communications between the Duo proxy and your ASA, and you should examine the network config , firewall, routing, etc.
If there is no authproxy.log
file, then most likely the Duo Authentication Proxy service could not be started. Verify whether the service is started. If it isn’t, try to start it manually. If it will not start and stay running, here are some suggestions.
Keep in mind this forum isn’t a substitute for Duo Support, so if you are still stuck consider contacting them to receive 1:1 troubleshooting assistance.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide