[Narrator] Hi, I'm Matt from Duo Security.
In this video, I am going to show you how to protect your Cisco ASA SSL VPN logins with Duo.
During the setup process, you will use the Cisco Adaptive Security Device Manager, or ASDM.
Before watching this video, be sure to reference the documentation for installing this configuration at duo.com/docs/cisco.
Note that this configuration supports inline self-service enrollment and the Duo Prompt.
Our alternate RADIUS-based Cisco configuration offers additional features like configurable failmodes, IP address-based policies and autopush authentication, but does not support the Duo Prompt.
Read about that configuration at duo.com/docs/cisco-alt.
First, make sure that Duo is compatible with your Cisco ASA device.
We support ASA firmware version 8.3 or later.
You can check which version of the ASA firmware your device is using by logging into the ASDM interface.
Your firmware version will be listed in the Device Information box next to ASA Version.
In addition, you must have a working primary authentication configuration for your SSL VPN users, such as LDAP authentication to Active Directory.
(light music) To get started with the installation process, log in to the Duo Admin Panel.
In the Admin Panel, click Applications.
Then click Protect an Application.
Type in “cisco”.
Next to the entry for Cisco SSL VPN, click Protect this Application, which takes you to your new application's properties page.
At the top of this page, click the link to download the Duo Cisco zip package.
Note that this file contains information specific to your application.
Unzip it somewhere convenient and easy to access, like your desktop.
Then click the link to open the Duo for Cisco documentation.
Keep both the documentation and properties pages open as you continue through the setup process.
After creating the application in the Duo Admin Panel and downloading the zip package, you need to modify the sign-in page for your VPN.
Log on to your Cisco ASDM.
Click the Configuration tab and then click Remote Access VPN in the left menu.
Navigate to Clientless SSL VPN Access, Portal, Web Contents.
Click Import.
In the Source section, select Local computer, and click Browse Local Files.
Find the Duo-Cisco-[VersionNumber].js file you extracted from the zip package.
After you select the file, it will appear in the Web Content Path box.
In the Destination section, under Require authentication to access its content?, select the radio button next to No.
Click Import Now.
Navigate to Clientless SSL VPN Access, Portal, Customization.
Select the Customization Object you want to modify.
For this video, we will use the default customization template.
Click Edit.
In the outline menu on the left, under Logon Page, click Title Panel.
Copy the string provided in step nine of the Modify the sign-in page section of the Duo Cisco documentation and paste it in the text box.
Replace “X” with the file version you downloaded.
In this case, it is “6”.
Click OK, then click Apply.
Now you need to add the Duo LDAP server.
Navigate to AAA/Local Users, AAA Server Groups.
In the AAA Server Groups section at the top, click Add.
In the AAA Server Group field, type in Duo-LDAP.
In the Protocol dropdown, select LDAP.
Newer versions of the ASA firmware require you to provide a realm-id.
In this example, we will use “1”.
Click OK.
Select the Duo-LDAP group you just added.
In the Servers in the Selected Group section, click Add.
In the Interface Name dropdown, select your external interface.
It may be called outside.
In the Server Name or IP Address field, paste the API hostname from your application's properties page in the Duo Admin Panel.
Set the Timeout to 60 seconds.
This will allow your users enough time during login to respond to the Duo two-factor request.
Check Enable LDAP over SSL.
Set Server Type to Detect Automatically/Use Generic Type.
In the Base DN field, enter dc= then paste your integration key from the application's properties page in the Duo Admin Panel.
After that, type , dc=duosecurity, dc=com.
Set Scope to One level beneath the Base DN.
In the Naming Attributes field, type cn.
In the Login DN field, copy and paste the information from the Base DN field you entered above.
In the Login Password field, paste your application's secret key from the properties page in the Duo Admin Panel.
Click OK, then click Apply.
Now configure the Duo LDAP server.
In the left sidebar, navigate to Clientless SSL VPN Access, Connection Profiles.
Under Connection Profiles, select the connection profile you want to modify.
For this video, we will use the DefaultWEBVPNGroup.
Click Edit.
In the left menu, under Advanced, select Secondary Authentication.
Select Duo-LDAP from the Server Group list.
Uncheck the Use LOCAL if Server Group fails box.
Check the box for Use primary username.
Click OK, then click Apply.
If any of your users log in through desktop or mobile AnyConnect clients, you will need to increase the AnyConnect authentication timeout from the default 12 seconds, so that users have enough time to use Duo Push or phone callback.
In the left sidebar, navigate to Network (Client) Access, AnyConnect Client Profile.
Select your AnyConnect client profile.
Click Edit.
In the left menu, navigate to Preferences (Part 2).
Scroll to the bottom of the page and change the Authentication Timeout (seconds) setting to 60.
Click OK, then click Apply.
With everything configured, it is now time to test your setup.
In a web browser, navigate to your Cisco ASA SSL VPN service URL.
Enter your username and password.
After you complete primary authentication, the Duo Prompt appears.
Using this prompt, users can enroll in Duo or complete two-factor authentication.
Since this user has already been enrolled in Duo, you can select Send Me a Push, Call Me, or Enter a Passcode.
Select Send Me a Push to send a Duo push notification to your smartphone.
On your phone, open the notification, tap the green button to accept, and you're logged in.
Note that when using the AnyConnect client, users will see a second password field.
This field accepts the name of a Duo factor, such as push or phone, or a Duo passcode.
In addition, the AnyConnect client will not update to the increased 60 second timeout until a successful authentication is made.
It is recommended that you use a passcode for your second factor to complete your first authentication after updating the AnyConnect timeout.
You have successfully set up Duo two-factor authentication for your Cisco ASA SSL VPN.