LateNaite

Azure MFA Authentication Cloud Based with Cisco Remote Access VPN

Just wondering, if we implement Microsoft Azure Multi-Factor Authentication (2MFA) via O365 cloud-based with Cisco AnyConnect VPN for remote authentication, is the RADIUS/NPS integration done using the external interface or internal interface?

Usually with Cisco LDAPS authentication (through port 636 for Secure LDAP authentication) and RADIUS authentication, this is done through the internal interface, so we are not too concerned about the security and communication between the ASA and RADIUS server.

But if we go with Azure MFA cloud-based, just wondering how this will work, whether it will be routed through the internet, and how secure it is. Is it through a certificate, or will a VPC be needed as a prerequisite?

Thank you!
Microsoft 365, multi-factor authentication, Cisco, Azure


8/22/2022 - Mon
Shreedhar Ette

The connection from Azure MFA to your infrastructure communication will be external.

Please refer to the articles below for the requirement to implement MFA for Cisco ASA VPN:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-vpn
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension
LateNaite

ASKER
Hi Shreedhar, this doesn't talk about how the NPS extension talks to the Cisco ASA VPN. If we have cloud-based Azure, is the RADIUS/NPS communication going over the outside interface to authenticate users? When on-premise, this is all done internally on the inside interface, which is fine, but on the outside, there is a security concern there.
ASKER CERTIFIED SOLUTION
LateNaite
