k7zgomf607


How to Install Duo Security 2FA for Cisco ASA SSL VPN (Primary Configuration)


[Narrator] Hi, I'm Matt from Duo Security.

In this video, I am going to show you how to protect your Cisco ASA SSL VPN logins with Duo.

During the setup process, you will use the Cisco Adaptive Security Device Manager, or ASDM.

Before watching this video, you'll want to reference the documentation for installing this configuration at duo.com/docs/cisco.

Note that this configuration supports inline self-service enrollment and the Duo Prompt.

Our alternate RADIUS-based Cisco configuration offers additional features including configurable failmodes, IP address-based policies and autopush authentication, but does not support the Duo Prompt.

Read about that configuration at duo.com/docs/cisco-alt.

First, make sure that Duo is compatible with your Cisco ASA device.

We support ASA firmware version 8.3 or later.

You can check which version of the ASA firmware your device is using by logging into the ASDM interface.

Your firmware version will be listed in the Device Information box next to ASA Version.

In addition, you must have a working primary authentication configuration for your SSL VPN users, such as LDAP authentication to Active Directory.

(light music) To get started with the installation process, log in to the Duo Admin Panel.

In the Admin Panel, click Applications.

Then click Protect an Application.

Type in “cisco”.

Next to the entry for Cisco SSL VPN, click Protect this Application, which takes you to your new application's Properties page.

At the top of this page, click the link to download the Duo Cisco zip package.

Note that this file contains information specific to your application.

Unzip it somewhere convenient and easy to access, like your desktop.

Then click the link to open the Duo for Cisco documentation.

Keep both the documentation and Properties pages open as you continue through the setup process.

After creating the application in the Duo Admin Panel and downloading the zip package, you need to modify the sign-in page for your VPN.

Log on to your Cisco ASDM.

Click the Configuration tab and then click Remote Access VPN in the left menu.

Navigate to Clientless SSL VPN Access, Portal, Web Contents.

Click Import.

In the Source section, select Local Computer, and click Browse Local Files.

Locate the Duo-Cisco-[VersionNumber].js file you extracted from the zip package.

After you select the file, it will appear in the Web Content Path box.

In the Destination section, under Require authentication to access its content?, select the radio button next to No.

Click Import Now.

Navigate to Clientless SSL VPN Access, Portal, Customization.

Select the Customization Object you want to modify.

For this video, we will use the default customization template.

Click Edit.

In the outline menu on the left, under Logon Page, click Title Panel.

Copy the string provided in step nine of the Modify the sign-in page section of the Duo Cisco documentation and paste it in the text box.

Replace “X” with the file version you downloaded.

In this case, it is “6”.

Click OK, then click Apply.

Now you need to add the Duo LDAP server.

Navigate to AAA/Local Users, AAA Server Groups.

In the AAA Server Groups section at the top, click Add.

In the AAA Server Group field, type in Duo-LDAP.

In the Protocol dropdown, select LDAP.

Newer versions of the ASA firmware require you to provide a realm-id.

In this example, we will use “1”.

Click OK.

Select the Duo-LDAP group you just added.

In the Servers in the Selected Group section, click Add.

In the Interface Name dropdown, select your external interface.

It may be named outside.

In the Server Name or IP Address field, paste the API hostname from your application's Properties page in the Duo Admin Panel.

Set the Timeout to 60 seconds.

This allows your users enough time during login to respond to the Duo two-factor request.

Check Enable LDAP over SSL.

Set Server Type to Detect Automatically/Use Generic Type.

In the Base DN field, enter dc= then paste your integration key from the application's Properties page in the Duo Admin Panel.

After that, type , dc=duosecurity, dc=com

Set Scope to One level beneath the Base DN.

In the Naming Attributes field, type cn.

In the Login DN field, copy and paste the information from the Base DN field you entered above.

In the Login Password field, paste your application's secret key from the Properties page in the Duo Admin Panel.

Click OK, then click Apply.

Now configure the Duo LDAP server.

In the left sidebar, navigate to Clientless SSL VPN Access, Connection Profiles.

Under Connection Profiles, select the connection profile you want to modify.

For this video, we will use the DefaultWEBVPNGroup.

Click Edit.

In the left menu, under Advanced, select Secondary Authentication.

Select Duo-LDAP in the Server Group list.

Uncheck the Use LOCAL if Server Group fails box.

Check the box for Use primary username.

Click OK, then click Apply.

If any of your users log in through desktop or mobile AnyConnect clients, you'll need to increase the AnyConnect authentication timeout from the default 12 seconds, so that users have enough time to use Duo Push or phone callback.

In the left sidebar, navigate to Network (Client) Access, AnyConnect Client Profile.

Select your AnyConnect client profile.

Click Edit.

In the left menu, navigate to Preferences (Part 2).

Scroll to the bottom of the page and change the Authentication Timeout (seconds) setting to 60.

Click OK, then click Apply.

With everything configured, it is now time to test your setup.

In a web browser, navigate to the Cisco ASA SSL VPN service URL.

Enter your username and password.

After you complete primary authentication, the Duo Prompt appears.

Using this prompt, users can enroll in Duo or complete two-factor authentication.

Since this user has already been enrolled in Duo, you can select Send Me a Push, Call Me, or Enter a Passcode.

Select Send Me a Push to send a Duo push notification to your smartphone.

On your phone, open the notification, tap the green button to accept, and you're logged in.

Note that when using the AnyConnect client, users will see a second password field.

This field accepts the name of a Duo factor, such as push or phone, or a Duo passcode.

In addition, the AnyConnect client will not update to the increased 60 second timeout until a successful authentication is made.

It is recommended that you use a passcode for your second factor to complete your first authentication after updating the AnyConnect timeout.

You have successfully set up Duo two-factor authentication for your Cisco ASA SSL VPN.
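
A check for the settings this walkthrough calls out (LDAP over SSL, the 60-second timeout, Login DN equal to Base DN, no LOCAL fallback, primary username reuse), as an added example that is not part of the video or Duo's documentation. It assumes the ASDM steps show up in `show running-config` as the CLI lines in the constructed sample; `audit_duo_ldap` and its helpers are hypothetical names.

```python
import re

# Constructed sample config; hostname and integration key are placeholders (assumption).
SAMPLE_CONFIG = """\
aaa-server Duo-LDAP protocol ldap
aaa-server Duo-LDAP (outside) host api-XXXXXXXX.duosecurity.com
 timeout 60
 ldap-base-dn dc=DIXXXXXXXXXXXXXXXXXX,dc=duosecurity,dc=com
 ldap-login-dn dc=DIXXXXXXXXXXXXXXXXXX,dc=duosecurity,dc=com
 ldap-over-ssl enable
tunnel-group DefaultWEBVPNGroup general-attributes
 secondary-authentication-server-group Duo-LDAP use-primary-username
"""

def blocks(config):
    """Map each top-level line to the list of its indented sub-commands."""
    out, current = {}, None
    for line in config.splitlines():
        if line.strip() and not line[0].isspace():
            current = out.setdefault(line.strip(), [])
        elif line.strip() and current is not None:
            current.append(line.strip())
    return out

def value(sub, keyword):
    return next((s.split(None, 1)[1] for s in sub if s.startswith(keyword + " ")), None)

def audit_duo_ldap(config, group="Duo-LDAP", profile="DefaultWEBVPNGroup"):
    """Return findings as strings; an empty list means every check passed."""
    cfg, findings = blocks(config), []
    host = re.compile(rf"aaa-server {re.escape(group)} \(\S+\) host ")
    sub = next((s for top, s in cfg.items() if host.match(top)), None)
    if sub is None:
        return [f"no server defined in AAA group {group}"]
    if "ldap-over-ssl enable" not in sub:
        findings.append("LDAP over SSL is not enabled")
    if int(value(sub, "timeout") or 0) < 60:  # no timeout line counts as too short
        findings.append("server timeout is below 60 seconds")
    if value(sub, "ldap-base-dn") is None or value(sub, "ldap-base-dn") != value(sub, "ldap-login-dn"):
        findings.append("Login DN does not match Base DN")
    tunnel = cfg.get(f"tunnel-group {profile} general-attributes", [])
    sec = (value(tunnel, "secondary-authentication-server-group") or "").split()
    if group not in sec:
        findings.append(f"{profile} does not use {group} for secondary authentication")
    elif "LOCAL" in sec:  # "Use LOCAL if Server Group fails" was left checked
        findings.append("secondary authentication falls back to LOCAL")
    if group in sec and "use-primary-username" not in sec:
        findings.append("primary username is not reused for secondary authentication")
    return findings
```

Run it against a saved copy of the running configuration; a LOCAL fallback finding means the second factor can be satisfied without Duo when the Duo-LDAP server is unreachable.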