Paula Wong


Azure MFA Authentication Cloud Based with Cisco Remote Access VPN

Just wondering if we implement Microsoft Azure Multi-Factor Authentication (2MFA) via O365 cloud-based with Cisco AnyConnect VPN for remote authentication, is the RADIUS/NPS integration done using the external interface or internal interface?

Usually with Cisco LDAPS authentication (through port 636 for Secure LDAP authentication) and RADIUS authentication, this is done through the internal interface, so we are not too concerned about the security and communication between the ASA and RADIUS server.

But if we go with Azure MFA cloud-based, just wondering how this will work, whether it will be routed through the internet, and how secure it is. Is it through a certificate, or will a VPC be needed as a prerequisite?

Thank you!

Shreedhar Ette

The connection from Azure MFA to your infrastructure communication will be external.

Please refer to the articles below for the requirement to implement MFA for Cisco ASA VPN:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-vpn
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension
Paula Wong

ASKER

Hi Shreedhar, this doesn't talk about how the NPS extension talks to the Cisco ASA VPN. If we have cloud-based Azure, is the RADIUS/NPS communication going over the outside interface to authenticate users? When on-premise, this is all done internally on the inside interface, which is fine, but on the outside, there is a security concern there.
ASKER CERTIFIED SOLUTION
Paula Wong