![]() ![]() Duo Authentication Proxy version 3.0.0 running on Windows 10 and Ubuntu 18.Cisco ISE running on version 2.6 - patch-1.Active Directory running on Microsoft Server 2016. ![]() The ISE deployment is properly licensed.The ISE deployment is already integrated with Active Directory.Your network access devices (Routers, Switches, Firewalls, etc) are already configured for AAA (TACACS+) with ISE.You have good/solid understanding of AAA concepts and configurations.Authentication proxy informs ISE of a successful Authentication.Duo informs the Authentication Proxy of the successful push.Duo cloud sends a "push" to the admin user.Upon successful AD authentication, the Authentication Proxy sends an authentication request to Duo cloud for 2nd factor authentication.Active Directory informs the Authentication Proxy if the authentication was successful.The proxy forwards the request to Active Directory for the 1st factor authentication.ISE sends the authentication request to Duo's Authentication Proxy.Network device forwards the request to the TACACS+ server (ISE).Admin user initiates a shell connection to a network device where he/she uses Active Directory based credentials.Note: For integration with Duo, ISE and local (ISE) datastore, please visit the following link: The proxy will check AD and if the authentication is successful, the end user/admin will be send a "Duo Push." If the AD authentication fails, then the process will stop and no "Duo Push" will occur. In this setup, ISE will forward the TACACS+ authentication requests to the Duo Authentication proxy. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |