How to Install Duo Security 2FA for Cisco ASA SSL VPN (Primary Configuration)


[Narrator] Hello, I'm Matt from Duo Security.

In this video, I'm going to show you how to protect your Cisco ASA SSL VPN logins with Duo.

During the setup process, you will use the Cisco Adaptive Security Device Manager, or ASDM.

Before watching this video, be sure to reference the documentation for installing this configuration at duo.com/docs/cisco.

Note that this configuration supports inline self-service enrollment and the Duo Prompt.

Our alternate RADIUS-based Cisco configuration offers additional features including configurable failmodes, IP address-based policies and autopush authentication, but does not support the Duo Prompt.

Read about that configuration at duo.com/docs/cisco-alt.

First, make sure that Duo is compatible with your Cisco ASA device.

We support ASA firmware version 8.3 or later.

You can check which version of the ASA firmware your device is using by logging into the ASDM interface.

Your firmware version will be listed in the Device Information box next to ASA Version.

In addition, you must have a working primary authentication configuration for your SSL VPN users, such as LDAP authentication to Active Directory.

(light music) To get started with the installation process, log in to the Duo Admin Panel.

In the Admin Panel, click Applications.

Then click Protect an Application.

Type in “cisco”.

Next to the entry for Cisco SSL VPN, click Protect this Application, which takes you to your new application's properties page.

At the top of this page, click the link to download the Duo Cisco zip package.

Note that this file contains information specific to your application.

Unzip it somewhere convenient and easy to access, like your desktop.

Then click the link to open the Duo for Cisco documentation.

Keep both the documentation and properties pages open as you continue through the setup process.

After creating the application in the Duo Admin Panel and downloading the zip package, you need to modify the sign-in page for your VPN.

Log on to your Cisco ASDM.

Click the Configuration tab and then click Remote Access VPN in the left menu.

Navigate to Clientless SSL VPN Access, Portal, Web Contents.

Click Import.

In the Source section, select Local Computer, and click Browse Local Files.

Locate the Duo-Cisco-[VersionNumber].js file you extracted from the zip package.

After you select the file, it will appear in the Web Content Path box.

In the Destination section, under Require authentication to access its content?, select the radio button next to No.

Click Import Now.

Navigate to Clientless SSL VPN Access, Portal, Customization.

Select the Customization Object you want to modify.

For this video, we will use the default customization template.

Click Edit.

In the outline menu on the left, under Logon Page, click Title Panel.

Copy the string provided in step 9 of the Modify the sign-in page section of the Duo Cisco documentation and paste it in the text box.

Replace “X” with the file version you downloaded.

In this case, it is “6”.

Click OK, then click Apply.

Now you need to add the Duo LDAP server.

Navigate to AAA/Local Users, AAA Server Groups.

In the AAA Server Groups section at the top, click Add.

In the AAA Server Group field, type in Duo-LDAP.

In the Protocol dropdown, select LDAP.

Newer versions of the ASA firmware require you to provide a realm-id.

In this example, we will use “1”.

Click OK.

Select the Duo-LDAP group you just added.

In the Servers in the Selected Group section, click Add.

In the Interface Name dropdown, select your external interface.

It may be named outside.

In the Server Name or IP Address field, paste the API hostname from your application's properties page in the Duo Admin Panel.

Set the Timeout to 60 seconds.

This allows your users enough time during login to respond to the Duo two-factor request.

Check Enable LDAP over SSL.

Set Server Type to Detect Automatically/Use Generic Type.

In the Base DN field, enter dc= then paste your integration key from the application's properties page in the Duo Admin Panel.

After that, type ,dc=duosecurity,dc=com.

Set Scope to One level beneath the Base DN.

In the Naming Attributes field, type cn.

In the Login DN field, copy and paste the information from the Base DN field you entered above.

In the Login Password field, paste your application's secret key from the properties page in the Duo Admin Panel.

Click OK, then click Apply.

Now configure the Duo LDAP server.

In the left sidebar, navigate to Clientless SSL VPN Access, Connection Profiles.

Under Connection Profiles, select the connection profile you want to modify.

For this video, we will use the DefaultWEBVPNGroup.

Click Edit.

In the left menu, under Advanced, select Secondary Authentication.

Select Duo-LDAP in the Server Group list.

Uncheck the Use Local if Server Group fails box.

Check the box for Use primary username.

Click OK, then click Apply.

If any of your users log in through desktop or mobile AnyConnect clients, you'll need to increase the AnyConnect authentication timeout from the default 12 seconds, so that users have enough time to use Duo Push or phone callback.

In the left sidebar, navigate to Network (Client) Access, AnyConnect Client Profile.

Select your AnyConnect client profile.

Click Edit.

In the left menu, navigate to Preferences (Part 2).

Scroll to the bottom of the page and change the Authentication Timeout (seconds) setting to 60.

Click OK, then click Apply.

With everything configured, it is now time to test your setup.

In a web browser, navigate to your Cisco ASA SSL VPN service URL.

Enter your username and password.

After you complete primary authentication, the Duo Prompt appears.

Using this prompt, users can enroll in Duo or complete two-factor authentication.

Since this user has already been enrolled in Duo, you can select Send Me a Push, Call Me, or Enter a Passcode.

Select Send Me a Push to send a Duo push notification to your smartphone.

On your phone, open the notification, tap the green button to accept, and you're logged in.

Note that when using the AnyConnect client, users will see a second password field.

This field accepts the name of a Duo factor, such as push or phone, or a Duo passcode.

In addition, the AnyConnect client will not update to the increased 60 second timeout until a successful authentication is made.

It is recommended that you use a passcode for your second factor to complete your first authentication after updating the AnyConnect timeout.

You have successfully set up Duo two-factor authentication for your Cisco ASA SSL VPN.
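
Added example, not part of the video or of Duo's documentation: a small Python audit that checks an ASA running-config excerpt against the values chosen in the walkthrough (LDAP over SSL, 60 second timeout, one-level scope, `cn` naming attribute, base DN and login DN format, no local fallback, primary username reuse). It assumes the ASDM settings appear in `show running-config` under the usual ASA CLI keywords; the config text, API hostname and integration key below are constructed placeholders.

```python
import re
# Constructed excerpt with placeholder values; three settings differ from the video.
SAMPLE_CONFIG = """\
aaa-server Duo-LDAP protocol ldap
aaa-server Duo-LDAP (outside) host api-XXXXXXXX.duosecurity.com
 timeout 12
 ldap-base-dn dc=DIXXXXXXXXXXXXXXXXXX,dc=duosecurity,dc=com
 ldap-scope onelevel
 ldap-naming-attribute cn
 ldap-login-dn dc=DIXXXXXXXXXXXXXXXXXX,dc=duosecurity,dc=com
tunnel-group DefaultWEBVPNGroup general-attributes
 secondary-authentication-server-group Duo-LDAP LOCAL use-primary-username
"""

def sections(config):
    """Group indented sub-commands (as word lists) under their parent line."""
    out, head = {}, None
    for line in config.splitlines():
        if line.strip() and not line.startswith(" "):
            head = line.strip()
            out[head] = []
        elif line.strip() and head:
            out[head].append(line.split())
    return out

def audit(config, group="Duo-LDAP"):
    """Return every setting that differs from the values in the walkthrough."""
    found = []
    for head, body in sections(config).items():
        if re.match(rf"aaa-server {re.escape(group)} \(\S+\) host ", head):
            opt = {w[0]: " ".join(w[1:]) for w in body}
            base = opt.get("ldap-base-dn", "")
            checks = [
                (opt.get("ldap-over-ssl") == "enable", "LDAP over SSL not enabled"),
                (opt.get("timeout") == "60", "timeout is not 60 seconds"),
                (opt.get("ldap-scope") == "onelevel", "scope is not one level"),
                (opt.get("ldap-naming-attribute") == "cn", "naming attribute is not cn"),
                (re.fullmatch(r"dc=[^,]+,dc=duosecurity,dc=com", base), "base DN malformed"),
                (opt.get("ldap-login-dn") == base, "login DN differs from base DN"),
            ]
            found += [msg for ok, msg in checks if not ok]
        elif head.startswith("tunnel-group ") and head.endswith(" general-attributes"):
            for w in body:
                if w[:2] == ["secondary-authentication-server-group", group]:
                    if "LOCAL" in w:
                        found.append("LOCAL fallback is enabled")
                    if "use-primary-username" not in w:
                        found.append("use-primary-username is missing")
    return found
```

Pass the text of `show running-config` to `audit()`; an empty list means every checked setting matches the walkthrough.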