
Azure MFA Authentication Cloud Based with Cisco Remote Access VPN

Last Modified: 2019-02-23
Just wondering: if we implement Microsoft Azure Multi-Factor Authentication (2MFA) via O365, cloud based, with Cisco AnyConnect VPN for remote authentication, is the RADIUS/NPS integration done using the external interface or the internal interface?

Usually with Cisco LDAPS authentication (through port 636 for Secure LDAP authentication) and RADIUS authentication, this is done through the internal interface, so we are not too concerned about the security and communication between the ASA and the RADIUS server.

But if we go with Azure MFA cloud based, just wondering how this will work, whether it will be routed through the internet, and how secure it is. Is it done through a certificate, or will a VPC be needed as a prerequisite?

Thank you!

Shreedhar Ette, Technical Manager
CERTIFIED EXPERT
Top Expert 2010

Commented:
The communication from Azure MFA to your infrastructure will be external.

Please refer to the articles below for the requirements to implement MFA for Cisco ASA VPN:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-vpn
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension
LateNaite, CEO and Founder

Author

Commented:
Hi Shreedhar, this doesn't talk about how the NPS extension talks to the Cisco ASA VPN. If we have cloud-based Azure, is the RADIUS/NPS communication going over the outside interface to authenticate users? When on-premise, this is all done internally on the inside interface, which is fine, but on the outside there is a security concern.