How to Install Duo Security 2FA for Cisco ASA SSL VPN (Primary Configuration)


[Narrator] Hello, I'm Matt from Duo Security.

In this video, I'm going to tell you about how to protect your Cisco ASA SSL VPN logins with Duo.

In the course of the setup process, you might utilize the Cisco Adaptive Security Device Manager, or ASDM.

Prior to watching this video, you should reference the documentation for installing this configuration at duo.com/docs/cisco.

Note that this configuration supports inline self-service enrollment as well as the Duo Prompt.

Our alternate RADIUS-based Cisco configuration offers additional features, including configurable failmodes, IP address-based policies and autopush authentication, but does not support the Duo Prompt.

Read about that configuration at duo.com/docs/cisco-alt.

First, make sure that Duo is compatible with your Cisco ASA device.

We support ASA firmware version 8.3 or later.

You can check which version of the ASA firmware your device is using by logging into the ASDM interface.

Your firmware version will be listed in the Device Information box next to ASA Version.

Additionally, you must have a working primary authentication configuration for your SSL VPN users, such as LDAP authentication to Active Directory.

(light music) To get started with the installation process, log in to your Duo Admin Panel.

In the Admin Panel, click Applications.

Then click Protect an Application.

Type in "cisco".

Next to the entry for Cisco SSL VPN, click Protect this Application, which takes you to your new application's Properties page.

At the top of this page, click the link to download the Duo Cisco zip package.

Note that this file contains information specific to your application.

Unzip it somewhere convenient and easy to access, like your desktop.

Then click on the link to open the Duo for Cisco documentation.

Keep both the documentation and Properties pages open as you continue through the setup process.

After creating the application in the Duo Admin Panel and downloading the zip package, you need to modify the sign-in page for your VPN.

Log on to your Cisco ASDM.

Click the Configuration tab and then click Remote Access VPN in the left menu.

Navigate to Clientless SSL VPN Access, Portal, Web Contents.

Click Import.

In the Source section, select Local Computer, and click Browse Local Files.

Locate the Duo-Cisco-[VersionNumber].js file you extracted from the zip package.

After you select the file, it will appear in the Web Content Path box.

In the Destination section, under Require authentication to access its content?, select the radio button next to No.

Click Import Now.

Navigate to Clientless SSL VPN Access, Portal, Customization.

Select the Customization Object you want to modify.

For this video, we will use the default customization template.

Click Edit.

In the outline menu on the left, under Logon Page, click Title Panel.

Copy the string provided in step nine of the Modify the sign-in page section of the Duo Cisco documentation and paste it in the text box.

Replace "X" with the file version you downloaded.

In this case, it is "six".

Click OK, then click Apply.

Now you need to add the Duo LDAP server.

Navigate to AAA/Local Users, AAA Server Groups.

In the AAA Server Groups section at the top, click Add.

In the AAA Server Group field, type in Duo-LDAP.

In the Protocol dropdown, select LDAP.

Newer versions of the ASA firmware require you to provide a realm-id.

In this example, we will use "one".

Click OK.

Select the Duo-LDAP group you just added.

In the Servers in the Selected Group section, click Add.

In the Interface Name dropdown, choose your external interface.

It may be called outside.

In the Server Name or IP Address field, paste the API hostname from your application's Properties page in the Duo Admin Panel.

Set the Timeout to 60 seconds.

This allows your users enough time during login to respond to the Duo two-factor request.

Check Enable LDAP over SSL.

Set Server Type to Detect Automatically/Use Generic Type.

In the Base DN field, enter dc= then paste your integration key from the application's Properties page in the Duo Admin Panel.

After that, type , dc=duosecurity, dc=com

Set Scope to One level beneath the Base DN.

In the Naming Attributes field, type cn.

In the Login DN field, copy and paste the information from the Base DN field you entered above.

In the Login Password field, paste your application's secret key from the Properties page in the Duo Admin Panel.

Click OK, then click Apply.

Now configure the Duo LDAP server.

In the left sidebar, navigate to Clientless SSL VPN Access, Connection Profiles.

Under Connection Profiles, select the connection profile you want to modify.

For this video, we will use the DefaultWEBVPNGroup.

Click Edit.

In the left menu, under Advanced, select Secondary Authentication.

Select Duo-LDAP in the Server Group list.

Uncheck the Use LOCAL if Server Group fails box.

Check the box for Use primary username.

Click OK, then click Apply.

If any of your users log in through desktop or mobile AnyConnect clients, you'll need to increase the AnyConnect authentication timeout from the default twelve seconds, so that users have enough time to use Duo Push or phone callback.

In the left sidebar, navigate to Network (Client) Access, AnyConnect Client Profile.

Select your AnyConnect client profile.

Click Edit.

In the left menu, navigate to Preferences (Part two).

Scroll to the bottom of the page and change the Authentication Timeout (seconds) setting to sixty.

Click OK, then click Apply.

With everything configured, it is now time to test your setup.

In a web browser, navigate to your Cisco ASA SSL VPN service URL.

Enter your username and password.

After you complete primary authentication, the Duo Prompt appears.

Using this prompt, users can enroll in Duo or complete two-factor authentication.

Since this user has already been enrolled in Duo, you can select Send Me a Push, Call Me, or Enter a Passcode.

Select Send Me a Push to send a Duo push notification to your smartphone.

On your phone, open the notification, tap the green button to accept, and you're logged in.

Note that when using the AnyConnect client, users will see a second password field.

This field accepts the name of a Duo factor, such as push or phone, or a Duo passcode.

In addition, the AnyConnect client will not update to the increased 60 second timeout until a successful authentication is made.

It is recommended that you use a passcode for your second factor to complete your first authentication after updating the AnyConnect timeout.

You've successfully set up Duo two-factor authentication for your Cisco ASA SSL VPN.
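
An added example, not part of the video or of Duo's documentation: a small Python audit that checks a saved ASA configuration fragment against the Duo-LDAP server and secondary authentication settings from the walkthrough. It assumes the ASDM fields appear in the running configuration under the CLI keywords used in the constructed sample; the hostname and keys are placeholders, and `audit_duo_ldap` is a hypothetical helper name.

```python
import re

# Constructed ASA running-config fragment; hostname and keys are placeholders.
SAMPLE_CONFIG = """\
aaa-server Duo-LDAP protocol ldap
aaa-server Duo-LDAP (outside) host api-XXXXXXXX.duosecurity.com
 timeout 60
 ldap-base-dn dc=DIXXXXXXXXXXXXXXXXXX,dc=duosecurity,dc=com
 ldap-scope onelevel
 ldap-naming-attribute cn
 ldap-login-password *****
 ldap-login-dn dc=DIXXXXXXXXXXXXXXXXXX,dc=duosecurity,dc=com
 ldap-over-ssl enable
 server-type auto-detect
tunnel-group DefaultWEBVPNGroup general-attributes
 secondary-authentication-server-group Duo-LDAP use-primary-username
"""

def audit_duo_ldap(config, group="Duo-LDAP"):
    """Return findings; an empty list means the fragment matches the walkthrough."""
    g = re.escape(group)
    # Grab the indented sub-commands that follow the group's host line.
    host = re.search(rf"^aaa-server {g} \(\S+\) host \S+\n((?: .+\n?)*)", config, re.M)
    if not host:
        return [f"no server defined in AAA group {group}"]
    opts = dict(l.split(None, 1) for l in host.group(1).splitlines() if len(l.split()) > 1)
    findings = []
    if int(opts.get("timeout", "0")) < 60:
        findings.append("timeout under 60s: users may not have time to answer the Duo request")
    if opts.get("ldap-over-ssl") != "enable":
        findings.append("LDAP over SSL is off: the secret key would cross the network in clear")
    base = opts.get("ldap-base-dn", "")
    if not re.fullmatch(r"dc=[^,\s]+,\s*dc=duosecurity,\s*dc=com", base):
        findings.append("Base DN is not dc=<integration key>,dc=duosecurity,dc=com")
    if opts.get("ldap-login-dn") != base:
        findings.append("Login DN differs from Base DN")
    if opts.get("ldap-scope") != "onelevel" or opts.get("ldap-naming-attribute") != "cn":
        findings.append("scope/naming attribute differ from 'one level' and 'cn'")
    # Secondary authentication on the connection profile.
    sec = re.search(rf"^ secondary-authentication-server-group {g}\b(.*)$", config, re.M)
    flags = sec.group(1).split() if sec else []
    if not sec:
        findings.append(f"{group} is not set as secondary authentication")
    elif "LOCAL" in flags:
        findings.append("falls back to LOCAL if the Duo server group fails")
    elif "use-primary-username" not in flags:
        findings.append("'Use primary username' is not set")
    return findings

if __name__ == "__main__":
    print(audit_duo_ldap(SAMPLE_CONFIG) or "matches the walkthrough")
```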