Cisco Duo Proxy
An Edgenexus App User Guide
×
Menu
Search
 
   
   
   
 
  (c) Edgenexus Limited, 2021

Real Servers

The Server Tab
The Server Tab is used to specify the Real Server or load-balanced set of Real Servers you are trying to protect with Cisco Duo 2FA. In our example, there is only a single server.
Field
Description
Status
This indicator will display the current status of the connection to the Real Server. See the administration guide for the meaning of status colors.
Activity
Will show whether the Real Server is online or not
Address
The IP Address of the Real Server
Port
The Port configured for accessing the Real Server and its software
Weighting
This field can be configured if required, but we recommend that you let the ADC handle this.
Notes
This field describes Real Server and any relevant notes.
Fill in the details shown in GREEN per your requirements.
23.     Once you have done that, the Status indicator should light up Green, and the VIP and VS lights on the Virtual Services section. If they are not Green, this indicates there may be an issue with connectivity or configuration. An example of this is shown below.
24.     Now click the flightPATH tab. You will see the flightPATH details as shown below.
25.     Please scroll down the Available flightPATHs until you see the RADIUS-Duo rule we created.
26.     Select the rule and click the right arrow button in the central area.
27.     The flightPATH rule will be moved to the Applied flightPATH segment on the right of the arrow buttons.
28.     The rule is immediately applied and is operational.
The Cisco Duo Authentication Proxy has now been installed and is fully operational. The Real Server(s) specified in the Real Servers section are now protected using Cisco Duo authentication using the CDAP engine.
Users navigating the http://192.168.3.219:82, in our example, will see the dialog for authentication shown below. The IP address and Port that you may use will almost definitely be different, perhaps using Port 443.
29.     Enter the username and password of the test user you created in your RADIUS server and the Duo Admin Panel.
30.     If the credentials pass RADIUS authentication, you will soon get a confirmation request in the Cisco Duo Mobile App on the phone associated with the Duo test user. It will look something like the example below.
31.     If you Approve the request, you will be connected to the Real Server configured for the VIP. If you choose to Deny the confirmation request, you will see the login page again along with an error stating the username and/or password are incorrect.
32.     Guides for the iOS and Android phone Apps are available here:
a.     Cisco Duo App User Guide for Apple iOS
b.     Cisco Duo App User Guide for Android