Duo RADIUS Two-Factor Authentication for Cisco ASA SSL VPNs

stefanmtomasevic · ‎10-30-2023

Hi,

Currently I have fully operational ssl vpn access to my company via anyconnect using remote.company.com vpn FQDN address.

I have installed DUO Proxy app on separated server then my DC.

I have configured authproxy.cfg file, sync DUO with my AD, added new DUO-Radius profile in to ASA and switch from local authentication to the Duo-Radius.

When I test connection, in Message History of AnyConnect next message appears:

12:59:12 User credentials entered.
13:00:12 No valid certificates available for authentication.

When I switch back to local authentication method, it works perfectly

13:00:54 User credentials entered.
13:00:54 Establishing VPN session...
13:00:54 The AnyConnect Downloader is performing update checks...
13:00:54 Checking for profile updates...
13:00:54 Checking for product updates...
13:00:54 Checking for customization updates...
13:00:54 Performing any required updates...
13:00:54 The AnyConnect Downloader updates have been completed.
13:00:54 Establishing VPN session...
13:00:54 Establishing VPN - Initiating connection...
13:00:54 Establishing VPN - Examining system...
13:00:54 Establishing VPN - Activating VPN adapter...
13:00:58 Establishing VPN - Configuring system...
13:00:58 Establishing VPN...
13:00:58 Connected to remote.company.com.

I run all test and configuration check-up for duo proxy, and no error appears.

What and where to start t-shoot with 13:00:12 No valid certificates available for authentication.

Thank all of you for helping.