[Narrator] Hello, I'm Matt from Duo Security.
In this video, I'm going to show you how to protect your Cisco ASA SSL VPN logins with Duo.
During the setup process, you will use the Cisco Adaptive Security Device Manager, or ASDM.
Before watching this video, be sure to reference the documentation for installing this configuration at duo.com/docs/cisco.
Note that this configuration supports inline self-service enrollment and the Duo Prompt.
Our alternate RADIUS-based Cisco configuration offers additional features including configurable failmodes, IP address-based policies and autopush authentication, but does not support the Duo Prompt.
Read about that configuration at duo.com/docs/cisco-alt.
First, make sure that Duo is compatible with your Cisco ASA device.
We support ASA firmware version 8.3 or later.
You can check which version of the ASA firmware your device is using by logging into the ASDM interface.
Your firmware version will be listed in the Device Information box next to ASA Version.
In addition, you must have a working primary authentication configuration for your SSL VPN users, such as LDAP authentication to Active Directory.
(light music) To get started with the installation process, log in to the Duo Admin Panel.
In the Admin Panel, click Applications.
Then click Protect an Application.
Type in "cisco".
Next to the entry for Cisco SSL VPN, click Protect this Application, which takes you to your new application's properties page.
At the top of this page, click the link to download the Duo Cisco zip package.
Note that this file contains information specific to your application.
Unzip it somewhere convenient and easy to access, like your desktop.
Then click the link to open the Duo for Cisco documentation.
Keep both the documentation and properties pages open as you continue through the setup process.
After creating the application in the Duo Admin Panel and downloading the zip package, you need to modify the sign-in page for your VPN.
Log on to your Cisco ASDM.
Click the Configuration tab and then click Remote Access VPN in the left menu.
Navigate to Clientless SSL VPN Access, Portal, Web Contents.
Click Import.
In the Source section, select Local Computer, and click Browse Local Files.
Locate the Duo-Cisco-[VersionNumber].js file you extracted from the zip package.
After you select the file, it will appear in the Web Content Path box.
In the Destination section, under Require authentication to access its content?, select the radio button next to No.
Click Import Now.
Navigate to Clientless SSL VPN Access, Portal, Customization.
Select the Customization Object you want to modify.
For this video, we will use the default customization template.
Click Edit.
In the outline menu on the left, under Logon Page, click Title Panel.
Copy the string provided in step nine of the Modify the sign-in page section of the Duo Cisco documentation and paste it in the text box.
Replace "X" with the file version you downloaded.
In this case, it is "6".
Click OK, then click Apply.
Now you need to add the Duo LDAP server.
Navigate to AAA/Local Users, AAA Server Groups.
In the AAA Server Groups section at the top, click Add.
In the AAA Server Group field, type in Duo-LDAP.
In the Protocol dropdown, select LDAP.
Newer versions of the ASA firmware require you to provide a realm-id.
In this example, we will use "1".
Click OK.
Select the Duo-LDAP group you just added.
In the Servers in the Selected Group section, click Add.
In the Interface Name dropdown, choose your external interface.
It may be called outside.
In the Server Name or IP address field, paste the API hostname from your application's properties page in the Duo Admin Panel.
Set the Timeout to 60 seconds.
This will allow your users enough time during login to respond to the Duo two-factor request.
Check Enable LDAP over SSL.
Set Server Type to Detect Automatically/Use Generic Type.
In the Base DN field, enter dc= then paste your integration key from the application's properties page in the Duo Admin Panel.
After that, type ,dc=duosecurity,dc=com
Set Scope to One level beneath the Base DN.
In the Naming Attributes field, type cn.
In the Login DN field, copy and paste the information from the Base DN field you entered above.
In the Login Password field, paste your application's secret key from the properties page in the Duo Admin Panel.
Click OK, then click Apply.
Now configure the Duo LDAP server.
In the left sidebar, navigate to Clientless SSL VPN Access, Connection Profiles.
Under Connection Profiles, select the connection profile you want to modify.
For this video, we will use the DefaultWEBVPNGroup.
Click Edit.
In the left menu, under Advanced, select Secondary Authentication.
Select Duo-LDAP in the Server Group list.
Uncheck the Use LOCAL if Server Group fails box.
Check the box for Use primary username.
Click OK, then click Apply.
If any of your users log in through desktop or mobile AnyConnect clients, you'll need to increase the AnyConnect authentication timeout from the default 12 seconds, so that users have enough time to use Duo Push or phone callback.
In the left sidebar, navigate to Network (Client) Access, AnyConnect Client Profile.
Select your AnyConnect client profile.
Click Edit.
In the left menu, navigate to Preferences (Part 2).
Scroll to the bottom of the page and change the Authentication Timeout (seconds) setting to 60.
Click OK, then click Apply.
With everything configured, it is now time to test your setup.
In a web browser, navigate to your Cisco ASA SSL VPN service URL.
Enter your username and password.
After you complete primary authentication, the Duo Prompt appears.
Using this prompt, users can enroll in Duo or complete two-factor authentication.
Since this user has already been enrolled in Duo, you can select Send Me a Push, Call Me, or Enter a Passcode.
Select Send Me a Push to send a Duo push notification to your smartphone.
On your phone, open the notification, tap the green button to accept, and you're logged in.
Note that when using the AnyConnect client, users will see a second password field.
This field accepts the name of a Duo factor, such as push or phone, or a Duo passcode.
In addition, the AnyConnect client will not update to the increased 60 second timeout until a successful authentication is made.
It is recommended that you use a passcode for your second factor to complete your first authentication after updating the AnyConnect timeout.
You have successfully set up Duo two-factor authentication for your Cisco ASA SSL VPN.
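
Added example, not part of the video or of Duo's documentation: a short Python audit that checks a saved ASA configuration against the settings applied in the walkthrough (60 second timeout, LDAP over SSL, Base DN and Login DN form, no LOCAL fallback, primary username reuse). The CLI lines in the constructed sample are the assumed running-config equivalents of the ASDM fields, and the API hostname and integration key are placeholders.

```python
import re
# Constructed sample: assumed CLI form of the ASDM fields, placeholder keys.
SAMPLE = """\
aaa-server Duo-LDAP protocol ldap
 realm-id 1
aaa-server Duo-LDAP (outside) host api-XXXXXXXX.duosecurity.com
 timeout 60
 ldap-base-dn dc=DIXXXXXXXXXXXXXXXXXX,dc=duosecurity,dc=com
 ldap-login-dn dc=DIXXXXXXXXXXXXXXXXXX,dc=duosecurity,dc=com
 ldap-over-ssl enable
tunnel-group DefaultWEBVPNGroup general-attributes
 secondary-authentication-server-group Duo-LDAP use-primary-username
"""

def sections(config):
    """Map each top-level line to a dict of its indented sub-commands."""
    out, cur = {}, None
    for line in config.splitlines():
        if line.strip() and not line.startswith(" "):
            cur = out.setdefault(line.strip(), {})
        elif line.strip() and cur is not None:
            key, _, val = line.strip().partition(" ")
            cur[key] = val
    return out

def audit(config, group="Duo-LDAP"):
    """Return deviations from the settings the walkthrough applies."""
    cfg, bad = sections(config), []
    host = next((v for k, v in cfg.items()
                 if k.startswith(f"aaa-server {group} (") and " host " in k), None)
    if host is None:
        return [f"no server defined in group {group}"]
    if int(host.get("timeout", 0)) < 60:
        bad.append("timeout below 60 seconds")
    if host.get("ldap-over-ssl") != "enable":
        bad.append("LDAP over SSL not enabled")
    dn = host.get("ldap-base-dn", "")
    if not re.fullmatch(r"dc=[^,]+,dc=duosecurity,dc=com", dn):
        bad.append("Base DN is not dc=<integration key>,dc=duosecurity,dc=com")
    if host.get("ldap-login-dn") != dn:
        bad.append("Login DN differs from Base DN")
    for name, sub in cfg.items():
        words = sub.get("secondary-authentication-server-group", "").split()
        if name.startswith("tunnel-group ") and words[:1] == [group]:
            if "LOCAL" in words:
                bad.append(f"{name}: falls back to LOCAL if {group} fails")
            if "use-primary-username" not in words:
                bad.append(f"{name}: use-primary-username not set")
    return bad
```

Run `audit()` on the text of a saved configuration; an empty list means the Duo-LDAP group and connection profile match the walkthrough.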