- FMC:
https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/214756-configure-duo-two-factor-authentication.html#anc7
However, kindly know that this document is describing access for Web users only and not CLI, as CLI access using SSO is not supported for CLI users:
https://www.cisco.com/c/en/us/td/docs/security/firepower/670/configuration/guide/fpmc-config-guide-v67/user_accounts_fmc.html#:~:text=SSO%20users%E2%80%94SSO%20users%20have%20web%20interface%20access%20only.
- ASA and ASDM:
Kindly know that ASA CLI and ASDM GUI authentication is only requiring the integration with an external party (e.g. ISE or NPS), however, for ASA we can configure 2FA for VPN AnyConnect users as below:
https://community.cisco.com/t5/security-documents/configure-two-factor-authentication-on-asa-for-cisco-anyconnect/ta-p/3403768
https://duo.com/docs/sso-ciscoasa#:~:text=for%20each%20application.-,Configure%20Cisco%20ASA%20SSO,-Add%20Duo%20Single
But, if we want to use it for CLI access only without VPN, we could use RADIOUS with supposed to be previously configured:
https://community.duo.com/t/secure-cisco-asdm-with-mfa/7516/4
Accordingly, kindly note that directly configuration of 2FA is not yet supported over ASDM, and an enhancement request has been published to document this feature under bug ID (CSCvs85995):
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvs85995
Duo service name and tests:
Duo Security Authentication Proxy Service
sc qc DuoAuthProxy
tasklist | findstr proxy_svc.exe
C:\Program Files\Duo Security Authentication Proxy\bin\proxy_svc.exe
Run a powershell as admin:
C:\Program Files\Duo Security Authentication Proxy\bin
.\authproxy_connectivity_tool.exe
No comments:
Post a Comment