Duo integrates with your Cisco ASA or Firepower VPN to add two-factor authentication to AnyConnect logins. Duo can add two-factor authentication to ASA and Firepower VPN connections in a variety of ways. Learn more about these configurations and choose the best option for your organization. Cisco ASA with AnyConnect. Integrate Duo SAML SSO with Anyconnect Secure Remote Access using ISE Posture Configure Remote Access VPN on FTD Managed by FDM 18-May-2020 ASA/AnyConnect: Dynamic Split Tunneling Configuration Example 14-Apr-2020. Dec 07, 2020 Duo can add two-factor authentication to ASA and Firepower VPN connections in a variety of ways. Learn more about these configurations and choose the best option for your organization. Cisco ASA with AnyConnect ASA SSL VPN using Duo Single Sign-On. Choose this option for the best end-user experience for ASA with a cloud-hosted identity provider. Since the Cisco AnyConnect application does not allow you to choose your authentication method using Duo Prompt, you can use the Duo Append Mode. Append Mode by default sends a push notification to your default device, but also allows you to choose from the following options. Duo will be required when using VPN to access university resources. Duo Mobile Authentication Duo Mobile is a two-factor authentication service that can be utilized for systems that require an additional layer of security such as Esther, VPN and NetID login.
- Duo Anyconnect Login
- Duo Anyconnect Free
- Duo Anyconnect
- Duo Anyconnect Download
- Duo Anyconnect Yubikey
- Duo Anyconnect Azure Ad
You will connect to the VPN using the Cisco AnyConnect client the way as before.
After you enter your HS username and password, you will see an additional field named 'Second Password' or 'Duo Method' to input a secondary identification. Type in the method you want to use - type in 'push' to receive a Duo push notification to the Duo Mobile App on your mobile phone, 'phone' to receive an automated phone call on your enrolled device, or 'sms' to receive an SMS text with a passcode. For example:
Once you input a Duo method and click the 'OK' button, you will be contacted via the method you chose:
Simply respond to the push notification or phone call (from 714-456-3333) with the appropriate action to complete your connection.
If you are not getting push notification or phone call, please logon to the Self-Service Portal to make sure a working number is listed as your primary device.
Depending on how your company configured Duo authentication, you may or may not see a “Passcode” field when using the Cisco AnyConnect client.
Single Password with Automatic Push
If AnyConnect only prompts for a password, like so:
After you submit your login information, an authentication request is automatically sent to you via push to the Duo Mobile app or as a phone call.
Duo Anyconnect Login
Alternatively, you can add a comma (“,”) to the end of your password, followed by a Duo passcode or the name of a Duo factor. Here's how:
| Type... | To... |
|---|---|
| password,passcode | Log in using a passcode, either generated with Duo Mobile, sent via SMS, generated by your hardware token, or provided by an administrator. Examples: 'mypass123,123456' or 'mypass123,1456789' |
| password,push | Push a login request to your phone (if you have Duo Mobile installed and activated on your iOS, Android, or Windows Phone device). Just review the request and tap 'Approve' to log in. |
| password,phone | Authenticate via phone callback. |
| password,sms | Get a new batch of SMS passcodes. Your login attempt will fail — log in again with one of your new passcodes. |
You can also add a number to the end of these factor names if you have more than one device registered. For example, push2 will send a login request to your second phone, phone3 will call your third phone, etc.
Examples
To use Duo Push if your password is 'hunter2', type:
To use the passcode '123456' if your password is 'hunter2', type:
To send new SMS passcodes to your second phone if your password is 'hunter2', type:
The comma is Duo's default separator character between your password and the Duo factor. Your administrator may have changed this to a different character. Be sure to follow the instructions sent to you by your organization if they differ from what's shown here.
Second Password for Factor Selection
If AnyConnect shows a 'Second Password' input field (note that your AnyConnect administrator may have changed the 'Second Password' label to something else):
Use the 'Second Password' field to tell Duo how you want to authenticate. Here's how:
| Type... | To... |
|---|---|
| A passcode | Log in using a passcode, either generated with Duo Mobile, sent via SMS, generated by your hardware token, or provided by an administrator. Examples: '123456' or '1456789' |
| push | Push a login request to your phone (if you have Duo Mobile installed and activated on your iOS, Android, or Windows Phone device). Just review the request and tap 'Approve' to log in. |
| phone | Authenticate via phone callback. |
| sms | Get a new batch of SMS passcodes. Your login attempt will fail — log in again with one of your new passcodes. |
Duo Anyconnect Free
You can also add a number to the end of these factor names if you have more than one device registered. For example, push2 will send a login request to your second phone, phone3 will call your third phone, etc.
Duo Anyconnect
Examples
To send a Duo Push request to your primary phone, type:
Duo Anyconnect Download
To send a Duo Push request to your secondary phone, type:
Duo Anyconnect Yubikey
To use the passcode '123456', type:
Duo Anyconnect Azure Ad
To send new SMS passcodes to your second phone, type: