How to Install Duo Security 2FA for Cisco ASA SSL VPN (Primary Configuration)


[Narrator] Hi, I'm Matt from Duo Security.

In this video, I am going to show you how to protect your Cisco ASA SSL VPN logins with Duo.

During the setup process, you will use the Cisco Adaptive Security Device Manager, or ASDM.

Before watching this video, be sure to reference the documentation for installing this configuration at duo.com/docs/cisco.

Note that this configuration supports inline self-service enrollment and the Duo Prompt.

Our alternate RADIUS-based Cisco configuration offers additional features including configurable failmodes, IP address-based policies and autopush authentication, but does not support the Duo Prompt.

Read about that configuration at duo.com/docs/cisco-alt.

First, make sure that Duo is compatible with your Cisco ASA device.

We support ASA firmware version 8.3 or later.

You can check which version of the ASA firmware your device is using by logging into the ASDM interface.

Your firmware version will be listed in the Device Information box next to ASA Version.

In addition, you must have a working primary authentication configuration for your SSL VPN users, such as LDAP authentication to Active Directory.

(light music) To begin the installation process, log in to the Duo Admin Panel.

In the Admin Panel, click Applications.

Then click Protect an Application.

Type in “cisco”.

Next to the entry for Cisco SSL VPN, click Protect this Application, which takes you to your new application's properties page.

At the top of this page, click the link to download the Duo Cisco zip package.

Note that this file contains information specific to your application.

Unzip it somewhere convenient and easy to access, like your desktop.

Then click the link to open the Duo for Cisco documentation.

Keep both the documentation and properties pages open as you continue through the setup process.

After creating the application in the Duo Admin Panel and downloading the zip package, you need to modify the sign-in page for your VPN.

Log on to your Cisco ASDM.

Click the Configuration tab and then click Remote Access VPN in the left menu.

Navigate to Clientless SSL VPN Access, Portal, Web Contents.

Click Import.

In the Source section, select Local Computer, and click Browse Local Files.

Locate the Duo-Cisco-[VersionNumber].js file you extracted from the zip package.

After you select the file, it will appear in the Web Content Path box.

In the Destination section, under Require authentication to access its content?, select the radio button next to No.

Click Import Now.

Navigate to Clientless SSL VPN Access, Portal, Customization.

Select the Customization Object you want to modify.

For this video, we will use the default customization template.

Click Edit.

In the outline menu on the left, under Logon Page, click Title Panel.

Copy the string provided in step nine of the Modify the sign-in page section of the Duo Cisco documentation and paste it in the text box.

Replace “X” with the file version you downloaded.

In this case, it is “6”.

Click OK, then click Apply.

Now you need to add the Duo LDAP server.

Navigate to AAA/Local Users, AAA Server Groups.

In the AAA Server Groups section at the top, click Add.

In the AAA Server Group field, type in Duo-LDAP.

In the Protocol dropdown, select LDAP.

Newer versions of the ASA firmware require you to provide a realm-id.

In this example, we will use “1”.

Click OK.

Select the Duo-LDAP group you just added.

In the Servers in the Selected Group section, click Add.

In the Interface Name dropdown, choose your external interface.

It may be called outside.

In the Server Name or IP address field, paste the API hostname from your application's properties page in the Duo Admin Panel.

Set the Timeout to 60 seconds.

This will allow your users enough time during login to respond to the Duo two-factor request.

Check Enable LDAP over SSL.

Set Server Type to Detect Automatically/Use Generic Type.

In the Base DN field, enter dc= then paste your integration key from the application's properties page in the Duo Admin Panel.

After that, type , dc=duosecurity, dc=com

Set Scope to One level beneath the Base DN.

In the Naming Attributes field, type cn.

In the Login DN field, copy and paste the information from the Base DN field you entered above.

In the Login Password field, paste your application's secret key from the properties page in the Duo Admin Panel.

Click OK, then click Apply.

Now configure the Duo LDAP server.

In the left sidebar, navigate to Clientless SSL VPN Access, Connection Profiles.

Under Connection Profiles, select the connection profile you want to modify.

For this video, we will use the DefaultWEBVPNGroup.

Click Edit.

In the left menu, under Advanced, select Secondary Authentication.

Select Duo-LDAP in the Server Group list.

Uncheck the Use LOCAL if Server Group fails box.

Check the box for Use primary username.

Click OK, then click Apply.

If any of your users log in through desktop or mobile AnyConnect clients, you'll need to increase the AnyConnect authentication timeout from the default 12 seconds, so that users have enough time to use Duo Push or phone callback.

In the left sidebar, navigate to Network (Client) Access, AnyConnect Client Profile.

Select your AnyConnect client profile.

Click Edit.

In the left menu, navigate to Preferences (Part 2).

Scroll to the bottom of the page and change the Authentication Timeout (seconds) setting to 60.

Click OK, then click Apply.

With everything configured, it's now time to test your setup.

In a web browser, navigate to your Cisco ASA SSL VPN service URL.

Enter your username and password.

After you complete primary authentication, the Duo Prompt appears.

Using this prompt, users can enroll in Duo or complete two-factor authentication.

Since this user has already been enrolled in Duo, you can select Send Me a Push, Call Me, or Enter a Passcode.

Select Send Me a Push to send a Duo push notification to your smartphone.

On your phone, open the notification, tap the green button to accept, and you're logged in.

Note that when using the AnyConnect client, users will see a second password field.

This field accepts the name of a Duo factor, such as push or phone, or a Duo passcode.

In addition, the AnyConnect client will not update to the increased 60 second timeout until a successful authentication is made.

It is recommended that you use a passcode for your second factor to complete your first authentication after updating the AnyConnect timeout.

You have successfully set up Duo two-factor authentication for your Cisco ASA SSL VPN.
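
An added example, not part of the video or of Duo's documentation: a Python check that reads a saved ASA running-config and reports where the Duo-LDAP server entry and the connection profile's secondary authentication differ from the values set in this walkthrough. The CLI keywords and the excerpt in `SAMPLE` are assumptions about how the ASDM settings appear in the running-config; the hostname and integration key are placeholders.

```python
import re

# Constructed running-config excerpt; hostname and integration key are placeholders.
SAMPLE = """\
aaa-server Duo-LDAP protocol ldap
aaa-server Duo-LDAP (outside) host api-XXXXXXXX.duosecurity.com
 timeout 60
 ldap-base-dn dc=DIXXXXXXXXXXXXXXXXXX,dc=duosecurity,dc=com
 ldap-scope onelevel
 ldap-naming-attribute cn
 ldap-login-dn dc=DIXXXXXXXXXXXXXXXXXX,dc=duosecurity,dc=com
 ldap-over-ssl enable
tunnel-group DefaultWEBVPNGroup general-attributes
 secondary-authentication-server-group Duo-LDAP use-primary-username
"""

# Values the walkthrough sets on the Duo LDAP server (CLI keywords are assumed).
EXPECTED = {"timeout": "60", "ldap-over-ssl": "enable",
            "ldap-scope": "onelevel", "ldap-naming-attribute": "cn"}

def audit(config, group="Duo-LDAP"):
    """Return deviations from the walkthrough's settings (empty list = match)."""
    opts, sec, in_host, seen_host = {}, [], False, False
    host_re = re.compile(rf"aaa-server {re.escape(group)} \(\S+\) host \S+")
    for line in config.splitlines():
        if not line.startswith(" "):        # a top-level command opens a new block
            in_host = bool(host_re.fullmatch(line.strip()))
            seen_host = seen_host or in_host
            continue
        key, _, value = line.strip().partition(" ")
        if in_host:                         # sub-command of the Duo LDAP server
            opts[key] = value.strip()
        elif key == "secondary-authentication-server-group":
            sec.append(value.split())
    if not seen_host:
        return [f"no server defined in AAA group {group}"]
    found = [f"{k} should be {v}" for k, v in EXPECTED.items() if opts.get(k) != v]
    base = opts.get("ldap-base-dn", "").replace(" ", "")
    if not re.fullmatch(r"dc=[^,=]+,dc=duosecurity,dc=com", base):
        found.append("ldap-base-dn is not dc=<integration key>,dc=duosecurity,dc=com")
    if opts.get("ldap-login-dn", "").replace(" ", "") != base:
        found.append("ldap-login-dn differs from ldap-base-dn")
    uses = [s for s in sec if group in s]   # profiles using the group as second factor
    if not uses:
        found.append(f"no connection profile uses {group} for secondary authentication")
    if any("LOCAL" in s for s in uses):
        found.append("secondary authentication falls back to LOCAL")
    if any("use-primary-username" not in s for s in uses):
        found.append("secondary authentication does not reuse the primary username")
    return found
```

Run `audit()` on the text of a saved running-config; an empty list means the settings match the walkthrough.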