How to Install Duo Security 2FA for Cisco ASA SSL VPN (Primary Configuration)


[Narrator] Hi, I'm Matt from Duo Security.

In this video, I am going to show you how to protect your Cisco ASA SSL VPN logins with Duo.

During the setup process, you will use the Cisco Adaptive Security Device Manager, or ASDM.

Before watching this video, be sure to reference the documentation for installing this configuration at duo.com/docs/cisco.

Note that this configuration supports inline self-service enrollment and the Duo Prompt.

Our alternate RADIUS-based Cisco configuration offers additional features including configurable failmodes, IP address-based policies and autopush authentication, but does not support the Duo Prompt.

Read about that configuration at duo.com/docs/cisco-alt.

First, make sure that Duo is compatible with your Cisco ASA device.

We support ASA firmware version 8.3 or later.

You can check which version of the ASA firmware your device is using by logging into the ASDM interface.

Your firmware version will be listed in the Device Information box next to ASA Version.

In addition, you must have a working primary authentication configuration for your SSL VPN users, such as LDAP authentication to Active Directory.

(light music) To get started with the installation process, log in to the Duo Admin Panel.

In the Admin Panel, click Applications.

Then click Protect an Application.

Type in “cisco”.

Next to the entry for Cisco SSL VPN, click Protect this Application, which takes you to your new application's properties page.

At the top of this page, click the link to download the Duo Cisco zip package.

Note that this file contains information specific to your application.

Unzip it somewhere convenient and easy to access, like your desktop.

Then click the link to open the Duo for Cisco documentation.

Keep both the documentation and properties pages open as you continue through the setup process.

After creating the application in the Duo Admin Panel and downloading the zip package, you need to modify the sign-in page for your VPN.

Log on to your Cisco ASDM.

Click the Configuration tab and then click Remote Access VPN in the left menu.

Navigate to Clientless SSL VPN Access, Portal, Web Contents.

Click Import.

In the Source section, select Local Computer, and click Browse Local Files.

Locate the Duo-Cisco-[VersionNumber].js file you extracted from the zip package.

After you select the file, it will appear in the Web Content Path box.

In the Destination section, under Require authentication to access its content?, select the radio button next to No.

Click Import Now.

Navigate to Clientless SSL VPN Access, Portal, Customization.

Select the Customization Object you want to modify.

For this video, we will use the default customization template.

Click Edit.

In the outline menu on the left, under Logon Page, click Title Panel.

Copy the string provided in step 9 of the Modify the sign-in page section of the Duo Cisco documentation and paste it in the text box.

Replace “X” with the file version you downloaded.

In this case, it is “6”.

Click OK, then click Apply.

Now you need to add the Duo LDAP server.

Navigate to AAA/Local Users, AAA Server Groups.

In the AAA Server Groups section at the top, click Add.

In the AAA Server Group field, type in Duo-LDAP.

In the Protocol dropdown, select LDAP.

Newer versions of the ASA firmware require you to provide a realm-id.

In this example, we will use “1”.

Click OK.

Select the Duo-LDAP group you just added.

In the Servers in the Selected Group section, click Add.

In the Interface Name dropdown, choose your external interface.

It may be called outside.

In the Server Name or IP Address field, paste the API hostname from your application's properties page in the Duo Admin Panel.

Set the Timeout to 60 seconds.

This allows your users enough time during login to respond to the Duo two-factor request.

Check Enable LDAP over SSL.

Set Server Type to Detect Automatically/Use Generic Type.

In the Base DN field, enter dc= then paste your integration key from the application's properties page in the Duo Admin Panel.

After that, type ,dc=duosecurity,dc=com

Set Scope to One level beneath the Base DN.

In the Naming Attributes field, type cn.

In the Login DN field, copy and paste the information from the Base DN field you entered above.

In the Login Password field, paste your application's secret key from the properties page in the Duo Admin Panel.

Click OK, then click Apply.

Now configure the Duo LDAP server.

In the left sidebar, navigate to Clientless SSL VPN Access, Connection Profiles.

Under Connection Profiles, select the connection profile you want to modify.

For this video, we will use the DefaultWEBVPNGroup.

Click Edit.

In the left menu, under Advanced, select Secondary Authentication.

Select Duo-LDAP in the Server Group list.

Uncheck the Use Local if Server Group fails box.

Check the box for Use Primary username.

Click OK, then click Apply.
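
As an added example (not part of the video or of Duo's documentation), this Python script checks an exported ASA running-config for the settings chosen above: LDAP over SSL, a 60-second timeout, matching Base and Login DNs, no LOCAL fallback, and reuse of the primary username. The CLI lines in the sample are a constructed, assumed rendering of the ASDM settings; the hostname and integration key are placeholders.

```python
import re

# Constructed sample, not from the page: an assumed `show running-config`
# rendering of the ASDM settings above. Hostname and key are placeholders.
SAMPLE_CONFIG = """\
aaa-server Duo-LDAP protocol ldap
aaa-server Duo-LDAP (outside) host api-XXXXXXXX.duosecurity.com
 timeout 60
 ldap-base-dn dc=DIXXXXXXXXXXXXXXXXXX,dc=duosecurity,dc=com
 ldap-scope onelevel
 ldap-naming-attribute cn
 ldap-login-dn dc=DIXXXXXXXXXXXXXXXXXX,dc=duosecurity,dc=com
 ldap-over-ssl enable
tunnel-group DefaultWEBVPNGroup general-attributes
 secondary-authentication-server-group Duo-LDAP use-primary-username
"""

def sections(config):
    """Yield (header, [indented sub-lines]) for each top-level config line."""
    header, sub = None, []
    for line in config.splitlines():
        if line.startswith(" "):
            sub.append(line.strip())
        elif line.strip():
            if header is not None:
                yield header, sub
            header, sub = line.strip(), []
    if header is not None:
        yield header, sub

def audit(config, group="Duo-LDAP"):
    """Return findings; an empty list means the settings match the walkthrough."""
    findings, seen_host = [], False
    for header, sub in sections(config):
        if re.match(rf"aaa-server {re.escape(group)} \(\S+\) host ", header):
            seen_host = True
            opts = dict((s.split(None, 1) + [""])[:2] for s in sub)
            if opts.get("ldap-over-ssl") != "enable":
                findings.append("LDAP over SSL is not enabled")
            if opts.get("timeout") != "60":
                findings.append("server timeout is not 60 seconds")
            if opts.get("ldap-base-dn") != opts.get("ldap-login-dn"):
                findings.append("Login DN differs from Base DN")
        elif re.match(r"tunnel-group \S+ general-attributes$", header):
            for tokens in (s.split() for s in sub):
                if tokens[0] == "secondary-authentication-server-group" and group in tokens:
                    if "LOCAL" in tokens:
                        findings.append("secondary authentication falls back to LOCAL")
                    if "use-primary-username" not in tokens:
                        findings.append("primary username is not reused")
    return findings if seen_host else [f"no server defined in group {group}"]
```

Calling `audit()` on the text of a saved running-config returns one finding per setting that deviates from the walkthrough.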

If any of your users log in through desktop or mobile AnyConnect clients, you'll need to increase the AnyConnect authentication timeout from the default 12 seconds, so that users have enough time to use Duo Push or phone callback.

In the left sidebar, navigate to Network (Client) Access, AnyConnect Client Profile.

Select your AnyConnect client profile.

Click Edit.

In the left menu, navigate to Preferences (Part 2).

Scroll to the bottom of the page and change the Authentication Timeout (seconds) setting to 60.

Click OK, then click Apply.

With everything configured, it is now time to test your setup.

In a web browser, navigate to your Cisco ASA SSL VPN service URL.

Enter your username and password.

After you complete primary authentication, the Duo Prompt appears.

Using this prompt, users can enroll in Duo or complete two-factor authentication.

Since this user has already been enrolled in Duo, you can select Send Me a Push, Call Me, or Enter a Passcode.

Select Send Me a Push to send a Duo push notification to your smartphone.

On your phone, open the notification, tap the green button to accept, and you're logged in.

Note that when using the AnyConnect client, users will see a second password field.

This field accepts the name of a Duo factor, such as push or phone, or a Duo passcode.

In addition, the AnyConnect client will not update to the increased 60 second timeout until a successful authentication is made.

It is recommended that you use a passcode as your second factor to complete your first authentication after updating the AnyConnect timeout.

You have successfully set up Duo two-factor authentication for your Cisco ASA SSL VPN.