How to Install Duo Security 2FA for Cisco ASA SSL VPN (Primary Configuration)


 

[Narrator] Hi, I'm Matt from Duo Security.

In this video, I am going to show you how to protect your Cisco ASA SSL VPN logins with Duo.

During the setup process, you will use the Cisco Adaptive Security Device Manager, or ASDM.

Before watching this video, be sure to reference the documentation for installing this configuration at duo.com/docs/cisco.

Note that this configuration supports inline self-service enrollment and the Duo Prompt.

Our alternate RADIUS-based Cisco configuration offers additional features including configurable failmodes, IP address-based policies and autopush authentication, but does not support the Duo Prompt.

Read about that configuration at duo.com/docs/cisco-alt.

First, make sure that Duo is compatible with your Cisco ASA device.

We support ASA firmware version 8.3 or later.

You can check which version of the ASA firmware your device is using by logging into the ASDM interface.

Your firmware version will be listed in the Device Information box next to ASA Version.

In addition, you must have a working primary authentication configuration for your SSL VPN users, such as LDAP authentication to Active Directory.

(light music) To begin the installation process, log in to the Duo Admin Panel.

In the Admin Panel, click Applications.

Then click Protect an Application.

Type in “cisco”.

Next to the entry for Cisco SSL VPN, click Protect this Application, which takes you to the new application's Properties page.

At the top of the page, click the link to download the Duo Cisco zip package.

Note that this file contains information specific to your application.

Unzip it somewhere convenient and easy to access, like your desktop.

Then click the link to open the Duo for Cisco documentation.

Keep both the documentation and Properties pages open as you continue through the setup process.

After creating the application in the Duo Admin Panel and downloading the zip package, you need to modify the sign-in page for your VPN.

Log on to the Cisco ASDM.

Click the Configuration tab and then click Remote Access VPN in the left menu.

Navigate to Clientless SSL VPN Access, Portal, Web Contents.

Click Import.

In the Source section, select Local Computer, and click Browse Local Files.

Locate the Duo-Cisco-[VersionNumber].js file you extracted from the zip package.

After you select the file, it will appear in the Web Page Path box.

In the Destination section, under Require authentication to access its content?, select the radio button next to No.

Click Import Now.

Navigate to Clientless SSL VPN Access, Portal, Customization.

Select the Customization Object you want to modify.

For this video, we will use the default customization template.

Click Edit.

In the outline menu on the left, under Logon Page, click Title Panel.

Copy the string provided in step 9 of the Modify the sign-in page section of the Duo Cisco documentation and paste it in the text box.

Replace “X” with the file version you downloaded.

In this case, it is “6”.

Click OK, then click Apply.

Now you need to add the Duo LDAP server.

Navigate to AAA/Local Users, AAA Server Groups.

In the AAA Server Groups section at the top, click Add.

In the AAA Server Group field, type in Duo-LDAP.

In the Protocol dropdown, select LDAP.

Newer versions of the ASA firmware require you to provide a realm-id.

In this example, we will use “1”.

Click OK.

Select the Duo-LDAP group you just added.

In the Servers in the Selected Group section, click Add.

In the Interface Name dropdown, choose your external interface.

It may be called outside.

In the Server Name or IP Address field, paste the API hostname from your application's Properties page in the Duo Admin Panel.

Set the Timeout to 60 seconds.

This will allow your users enough time during login to respond to the Duo two-factor request.

Check Enable LDAP over SSL.

Set Server Type to Detect Automatically/Use Generic Type.

In the Base DN field, enter dc= then paste your integration key from the application's Properties page in the Duo Admin Panel.

After that, type ,dc=duosecurity,dc=com

Set Scope to One level beneath the Base DN.

In the Naming Attributes field, type cn.

In the Login DN field, copy and paste the information from the Base DN field you entered above.

In the Login Password field, paste your application's secret key from the Properties page in the Duo Admin Panel.

Click OK, then click Apply.

Now configure the Duo LDAP server.

In the left sidebar, navigate to Clientless SSL VPN Access, Connection Profiles.

Under Connection Profiles, select the connection profile you want to modify.

For this video, we will use the DefaultWEBVPNGroup.

Click Edit.

In the left menu, under Advanced, select Secondary Authentication.

Select Duo-LDAP in the Server Group list.

Uncheck the Use LOCAL if Server Group fails box.

Check the box for Use primary username.

Click OK, then click Apply.
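
An added example, not part of the video or of Duo's documentation: a Python check that reads an ASA running-config excerpt and reports where the Duo-LDAP server and secondary authentication settings differ from the values given in the steps above. The CLI lines in the sample are an assumption about how the ASDM settings appear in the running configuration, and the hostname and integration key are placeholders.

```python
import re

# Constructed sample: how the ASDM settings above are assumed to appear in the
# ASA running configuration. Hostname and integration key are placeholders.
SAMPLE_CONFIG = """\
aaa-server Duo-LDAP protocol ldap
aaa-server Duo-LDAP (outside) host api-XXXXXXXX.duosecurity.com
 timeout 60
 ldap-base-dn dc=DIXXXXXXXXXXXXXXXXXX,dc=duosecurity,dc=com
 ldap-login-dn dc=DIXXXXXXXXXXXXXXXXXX,dc=duosecurity,dc=com
 ldap-over-ssl enable
tunnel-group DefaultWEBVPNGroup general-attributes
 secondary-authentication-server-group Duo-LDAP use-primary-username
"""

def host_block(config, group):
    """Collect the indented settings under 'aaa-server <group> (<if>) host ...'."""
    settings, inside = {}, False
    for line in config.splitlines():
        if re.match(rf"aaa-server {re.escape(group)} \(\S+\) host \S+", line):
            inside = True
        elif inside and line.startswith(" "):
            key, _, val = line.strip().partition(" ")
            settings[key] = val
        else:
            inside = False
    return settings

def audit_duo_ldap(config, group="Duo-LDAP"):
    """Return findings for the settings the walkthrough specifies; [] means all match."""
    s = host_block(config, group)
    if not s:
        return [f"no server defined in AAA group {group}"]
    base = s.get("ldap-base-dn", "")
    sec = re.search(rf"^ secondary-authentication-server-group {re.escape(group)}\b(.*)$", config, re.M)
    opts = sec.group(1).split() if sec else []
    checks = [
        (re.fullmatch(r"dc=[^,\s]+,\s*dc=duosecurity,\s*dc=com", base),
         "Base DN is not dc=<integration key>,dc=duosecurity,dc=com"),
        (s.get("ldap-login-dn") == base, "Login DN does not equal Base DN"),
        (s.get("timeout") == "60", "server timeout is not 60 seconds"),
        (s.get("ldap-over-ssl") == "enable", "LDAP over SSL is not enabled"),
        (sec is not None, f"no connection profile uses {group} for secondary authentication"),
        ("LOCAL" not in opts, "'Use LOCAL if Server Group fails' is still checked"),
        (sec is None or "use-primary-username" in opts, "'Use primary username' is not checked"),
    ]
    return [msg for ok, msg in checks if not ok]
```
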

If any of your users log in through desktop or mobile AnyConnect clients, you will need to increase the AnyConnect authentication timeout from the default 12 seconds, so that users have enough time to use Duo Push or phone callback.

In the left sidebar, navigate to Network (Client) Access, AnyConnect Client Profile.

Select your AnyConnect client profile.

Click Edit.

In the left menu, navigate to Preferences (Part 2).

Scroll to the bottom of the page and change the Authentication Timeout (seconds) setting to 60.

Click OK, then click Apply.

With everything configured, it is now time to test your setup.

In a web browser, navigate to your Cisco ASA SSL VPN service URL.

Enter your username and password.

After you complete primary authentication, the Duo Prompt appears.

Using this prompt, users can enroll in Duo or complete two-factor authentication.

Since this user has already been enrolled in Duo, you can select Send Me a Push, Call Me, or Enter a Passcode.

Select Send Me a Push to send a Duo push notification to your smartphone.

On your phone, open the notification, tap the green button to accept, and you're logged in.

Note that when using the AnyConnect client, users will see a second password field.

This field accepts the name of a Duo factor, such as push or phone, or a Duo passcode.

In addition, the AnyConnect client will not update to the increased 60 second timeout until a successful authentication is made.

It is recommended that you use a passcode for your second factor to complete your first authentication after updating the AnyConnect timeout.

You have successfully set up Duo two-factor authentication for your Cisco ASA SSL VPN.