How to Install Duo Security 2FA for Cisco ASA SSL VPN (Primary Configuration)

[Narrator] Hello, I'm Matt from Duo Security.

In this video, I am going to show you how to protect your Cisco ASA SSL VPN logins with Duo.

During the setup process, you will use the Cisco Adaptive Security Device Manager, or ASDM.

Before watching this video, be sure to reference the documentation for installing this configuration at duo.com/docs/cisco.

Note that this configuration supports inline self-service enrollment and the Duo Prompt.

Our alternate RADIUS-based Cisco configuration offers additional features including configurable failmodes, IP address-based policies and autopush authentication, but does not support the Duo Prompt.

Read about that configuration at duo.com/docs/cisco-alt.

First, make sure that Duo is compatible with your Cisco ASA device.

We support ASA firmware version 8.3 or later.

You can check which version of the ASA firmware your device is using by logging into the ASDM interface.

Your firmware version will be listed in the Device Information box next to ASA Version.

In addition, you must have a working primary authentication configuration for your SSL VPN users, such as LDAP authentication to Active Directory.

(light music) To get started with the installation process, log in to your Duo Admin Panel.

In the Admin Panel, click Applications.

Then click Protect an Application.

Type in “cisco”.

Next to the entry for Cisco SSL VPN, click Protect this Application, which takes you to your new application's properties page.

At the top of the page, click the link to download the Duo Cisco zip package.

Note that this file contains information specific to your application.

Unzip it somewhere convenient and easy to access, like your desktop.

Then click the link to open the Duo for Cisco documentation.

Keep both the documentation and properties pages open as you continue through the setup process.

After creating the application in the Duo Admin Panel and downloading the zip package, you need to modify the sign-in page for your VPN.

Log on to your Cisco ASDM.

Click the Configuration tab and then click Remote Access VPN in the left menu.

Navigate to Clientless SSL VPN Access, Portal, Web Contents.

Click Import.

In the Source section, select Local Computer, and click Browse Local Files.

Locate the Duo-Cisco-[VersionNumber].js file you extracted from the zip package.

After you select the file, it will appear in the Web Content Path box.

In the Destination section, under Require authentication to access its content?, select the radio button next to No.

Click Import Now.

Navigate to Clientless SSL VPN Access, Portal, Customization.

Select the Customization Object you want to modify.

For this video, we will use the default customization template.

Click Edit.

In the outline menu on the left, under Logon Page, click Title Panel.

Copy the string provided in step nine of the Modify the sign-in page section of the Duo Cisco documentation and paste it in the text box.

Replace “X” with the file version you downloaded.

In this case, it is “6”.

Click OK, then click Apply.

Now you need to add the Duo LDAP server.

Navigate to AAA/Local Users, AAA Server Groups.

In the AAA Server Groups section at the top, click Add.

In the AAA Server Group field, type in Duo-LDAP.

In the Protocol dropdown, select LDAP.

Newer versions of the ASA firmware require you to provide a realm-id.

In this example, we will use “1”.

Click OK.

Select the Duo-LDAP group you just added.

In the Servers in the Selected Group section, click Add.

In the Interface Name dropdown, choose your external interface.

It may be called outside.

In the Server Name or IP Address field, paste the API hostname from your application's properties page in the Duo Admin Panel.

Set the Timeout to 60 seconds.

This will allow your users enough time during login to respond to the Duo two-factor request.

Check Enable LDAP over SSL.

Set Server Type to Detect Automatically/Use Generic Type.

In the Base DN field, enter dc= then paste your integration key from the application's properties page in the Duo Admin Panel.

After that, type ,dc=duosecurity,dc=com

Set Scope to One level beneath the Base DN.

In the Naming Attributes field, type cn.

In the Login DN field, copy and paste the information from the Base DN field you entered above.

In the Login Password field, paste your application's secret key from the properties page in the Duo Admin Panel.

Click OK, then click Apply.

Now configure the Duo LDAP server.

In the left sidebar, navigate to Clientless SSL VPN Access, Connection Profiles.

Under Connection Profiles, select the connection profile you want to modify.

For this video, we will use the DefaultWEBVPNGroup.

Click Edit.

In the left menu, under Advanced, select Secondary Authentication.

Select Duo-LDAP in the Server Group list.

Uncheck the Use LOCAL if Server Group fails box.

Check the box for Use primary username.

Click OK, then click Apply.

If any of your users log in through desktop or mobile AnyConnect clients, you'll need to increase the AnyConnect authentication timeout from the default 12 seconds, so that users have enough time to use Duo Push or phone callback.

In the left sidebar, navigate to Network (Client) Access, AnyConnect Client Profile.

Select your AnyConnect client profile.

Click Edit.

In the left menu, navigate to Preferences (Part 2).

Scroll to the bottom of the page and change the Authentication Timeout (seconds) setting to 60.

Click OK, then click Apply.

With everything configured, it is now time to test your setup.

In a web browser, navigate to your Cisco ASA SSL VPN service URL.

Enter your username and password.

After you complete primary authentication, the Duo Prompt appears.

Using this prompt, users can enroll in Duo or complete two-factor authentication.

Since this user has already been enrolled in Duo, you can select Send Me a Push, Call Me, or Enter a Passcode.

Select Send Me a Push to send a Duo push notification to your smartphone.

On your phone, open the notification, tap the green button to accept, and you're logged in.

Note that when using the AnyConnect client, users will see a second password field.

This field accepts the name of a Duo factor, such as push or phone, or a Duo passcode.

In addition, the AnyConnect client will not update to the increased 60 second timeout until a successful authentication is made.

It is recommended that you use a passcode as your second factor to complete your first authentication after updating the AnyConnect timeout.

You have successfully set up Duo two-factor authentication for your Cisco ASA SSL VPN.
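
An added example, not part of the video or of Duo's documentation: a Python check that audits an ASA running-config excerpt for the settings configured in this walkthrough (60-second timeout, LDAP over SSL, matching Base DN and Login DN, Duo-LDAP as secondary authentication with no LOCAL fallback). The sample config is constructed and assumes the ASDM fields render as the standard ASA `aaa-server` and `tunnel-group` commands; the hostname, integration key and password are placeholders.

```python
import re

# Constructed running-config excerpt: assumed CLI rendering of the ASDM
# settings from the walkthrough. Hostname, key and password are placeholders.
SAMPLE_GOOD = """\
aaa-server Duo-LDAP protocol ldap
aaa-server Duo-LDAP (outside) host api-XXXXXXXX.duosecurity.com
 timeout 60
 ldap-base-dn dc=DIXXXXXXXXXXXXXXXXXX,dc=duosecurity,dc=com
 ldap-scope onelevel
 ldap-naming-attribute cn
 ldap-login-password *****
 ldap-login-dn dc=DIXXXXXXXXXXXXXXXXXX,dc=duosecurity,dc=com
 ldap-over-ssl enable
tunnel-group DefaultWEBVPNGroup general-attributes
 secondary-authentication-server-group Duo-LDAP use-primary-username
"""
# Constructed drifted copy: short timeout, no LDAP over SSL, LOCAL fallback.
SAMPLE_BAD = (SAMPLE_GOOD.replace(" timeout 60\n", " timeout 10\n")
              .replace(" ldap-over-ssl enable\n", "")
              .replace("Duo-LDAP use-primary", "Duo-LDAP LOCAL use-primary"))
DUO_DN = re.compile(r"dc=[^,\s]+,dc=duosecurity,dc=com")

def parse_blocks(config):
    """Map each top-level config line to a dict of its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.strip() and not line.startswith(" "):
            current = blocks.setdefault(line.strip(), {})
        elif line.strip() and current is not None:
            key, _, value = line.strip().partition(" ")
            current[key] = value
    return blocks

def audit(config, group="Duo-LDAP", profile="DefaultWEBVPNGroup"):
    """Return findings where the config departs from the walkthrough's settings."""
    blocks = parse_blocks(config)
    host = next((b for name, b in blocks.items()
                 if name.startswith(f"aaa-server {group} (") and " host " in name), {})
    base = host.get("ldap-base-dn", "")
    sec = blocks.get(f"tunnel-group {profile} general-attributes", {}).get(
        "secondary-authentication-server-group", "").split()
    checks = [
        (host.get("timeout") == "60", "timeout is not 60 seconds"),
        (host.get("ldap-over-ssl") == "enable", "LDAP over SSL is off; bind password not protected by TLS"),
        (bool(DUO_DN.fullmatch(base)) and host.get("ldap-login-dn") == base, "Base DN / Login DN mismatch"),
        (sec[:1] == [group] and "use-primary-username" in sec, "secondary auth not Duo group with primary username"),
        ("LOCAL" not in sec, "secondary auth falls back to LOCAL if the Duo group fails"),
    ]
    return [msg for ok, msg in checks if not ok]
```

`audit(SAMPLE_GOOD)` returns an empty list; `audit(SAMPLE_BAD)` reports the shortened timeout, the missing LDAP over SSL setting and the LOCAL fallback.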