11-01-2017 06:30 PM
Hi all. I’m new to Duo and new to the Duo community; so hopefully this is a good place to post this.
With a little help I was able to get Duo setup to protect my Palo Alto VPN gateway. About 80 people use the VPN, however, I am only testing with 4 users (including myself). After entering a username and password and clicking ‘Connect’, the connection waits for the user to interact with Duo – this is GREAT!
Upon tapping ‘Approve’ from the Push Notification you get connected to VPN and all is well; it’s perfect! Further testing led me to try tapping ‘Deny’. Answering the ‘Why are you denying…?’ question with either option produces the same result. Duo shows the ‘Denied!’ message – but I still move forward and successfully connect to VPN.
The logs on my proxy server show the following:
2017-11-01T20:17:36-0500 [HTTPPageGetter (TLSMemoryBIOProtocol),client] ((‘10.5.1.50’, 45383), 92): Duo authentication returned ‘deny’: 'Login request denied.'
2017-11-01T20:17:36-0500 [HTTPPageGetter (TLSMemoryBIOProtocol),client] ((‘10.5.1.50’, 45383), 92): Returning response code 3: AccessReject
2017-11-01T20:17:36-0500 [HTTPPageGetter (TLSMemoryBIOProtocol),client] ((‘10.5.1.50’, 45383), 92): Sending response
From my limited knowledge it would appear that all is working. Am I missing something simple?
Thanks!
11-22-2017 11:30 AM
Hi mmgrath,
I suggest you contact Duo support about this. To troubleshoot we’d want to see more context around the authentication attempt that was denied from Authentication Proxy debug logging, which may not be best shared in this public forum.
Here’s how to enable debug logging on the Authentication Proxy.
11-22-2017 12:30 PM
Thanks. I figured it out. It had to do with my authentication sequence on my Palo Alto.
Max
04-16-2019 04:41 PM
Max,
Any chance you could share a redacted copy of your config? We’re trying to do the same here in my shop.
Thanks.
Kev.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide