Cisco Duo Proxy
An Edgenexus App User Guide

Creating the Cisco Duo Virtual Service

To make use of the Cisco Duo Authentication Proxy (CDAP), we need to create the Virtual IP (VIP) and Virtual Service (VS). This VIP is the address users will point their browsers at to access the software.
1. Navigate to Services > IP Services using the left-side navigation panel.
2. The IP Services panel will be shown on the right side.
3. The IP Services panel consists of 2 main sections: Virtual Services and Real Servers.
4. Click the Add Service button in the Virtual Services section. Fill in the details that are relevant to your network infrastructure. We have highlighted the areas you need to specify in GREEN. Remember to set the Service Type to HTTP.
| Field | Description |
| --- | --- |
| Primary/Mode | An auto-populated field that indicates whether the VIP is Active, In Drain, or Disabled |
| VIP | A visual indicator that displays in a variety of colors to show the status of the VIP. See Admin Guide. |
| VS | A visual indicator that displays in a variety of colors to show the status of the VS. See Admin Guide. |
| Enabled | A checkbox used to enable or disable the VIP/VS |
| IP Address | The IP address that users will use to access the software – Please add the IP address you are going to use |
| Subnet Mask/Prefix | The relevant and applicable subnet mask for your network segment |
| Port | The Port that the users will specify in the URL (in our example, we are using 82) |
| Service Name | A short name for the VIP/VS |
| Service Type | This drop-down should be set to HTTP as we are going to use a flightPATH rule |
Now we will start configuring the Real Servers section.
The Server Tab
The Server Tab is used to specify the Real Server or load-balanced set of Real Servers you are trying to protect with Cisco Duo 2FA. In our example, there is only a single server.
| Field | Description |
| --- | --- |
| Status | This indicator will display the current status of the connection to the Real Server. See the administration guide for the meaning of status colors. |
| Activity | Shows whether the Real Server is online or not |
| Address | The IP Address of the Real Server |
| Port | The Port configured for accessing the Real Server and its software |
| Weighting | This field can be configured if required, but we recommend that you let the ADC handle this. |
| Notes | This field describes the Real Server and holds any relevant notes. |
Fill in the details shown in GREEN per your requirements.
7. Once you have done that, the Status indicator should light up Green, as should the VIP and VS lights in the Virtual Services section. If they are not Green, this indicates there may be an issue with connectivity or configuration. An example of this is shown below.
8. Now click the flightPATH tab. You will see the flightPATH details as shown below.
9. Scroll down the Available flightPATHs until you see the LDAP-Duo rule we created.
10. Select the rule and click the right arrow button in the central area.
11. The flightPATH rule will be moved to the Applied flightPATH segment on the right of the arrow buttons.
12. The rule is immediately applied and is operational.
The Cisco Duo Authentication Proxy has now been installed and is fully operational. The Real Server(s) specified in the Real Servers section are now protected by Cisco Duo authentication through the CDAP engine.
Users navigating to http://192.168.3.219:82, as in our example, will see the authentication dialog shown below. The IP address and Port you use will almost certainly be different, perhaps using Port 443.
13. Enter the username and password of the test user you created in your LDAP server and the Duo Admin Panel.
14. If the credentials pass LDAP authentication, you will soon get a confirmation request in the Cisco Duo Mobile App on the phone associated with the Duo test user. It will look something like the example below.
15. If you Approve the request, you will be connected to the Real Server configured for the VIP. If you choose to Deny the confirmation request, you will see the login page again along with an error stating the username and/or password are incorrect.
16. Guides for the iOS and Android phone Apps are available here: