ISE & Duo Integration
HTML-код
- Опубликовано: 31 июл 2024
- Cisco ISE TME Pavan Gupta explains and demonstrates the many ways that ISE and Duo can be integrated to better secure your network!
00:00 Intro and Agenda
01:10 Zero Trust Network Access with ISE (in the Workplace) and Duo (for the Workforce)
03:37 What is MFA (Multi-Factor Authentication)?
04:51 Duo login process for the Workforce
05:30 ISE for the Workplace
06:00 ISE + Duo Coverage
06:58 ISE & Duo Integration Solution Scenarios
08:45 Protect ISE Admin UI with Duo Authentication Proxy (RADIUS Proxy)
10:38 Demo: ISE Admin UI with Duo MFA
11:27 - Add Users with Active Directory Sync
11:57 - Install & Configure Duo Authentication Proxy
13:53 - Configure AD Domain Controller
14:28 - AD Groups Sync
17:33 - Protect an Application: Cisco ISE RADIUS
19:07 - ISE RADIUS Proxy configuration to Duo
20:50 - duoadmin shadow user for superadmin access
22:39 Duo Single Sign-On with SAML
25:11 Demo: Protect ISE Admin UI with Duo Single Sign-On
28:37 - Active Directory Configuration for SSO
30:58 - Protect an Application: Generic SAML Service Provider
32:18 - Configure Duo as ISE SAML Identity Provider
34:20 - Add Duo Certificate to ISE Trusted Certificates
35:19 - Add Duo SAML Metadata to ISE
35:38 - Map SAML Groups to ISE Admins
37:26 - Login to ISE with Duo SAML SSO
38:15 Protect Network Device Admin Access with ISE and Duo
38:36 Advantages of Using ISE for Device Admin Access
41:05 Slido Questions
44:36 Demo: Network Device Admin Access (TACACS) with ISE & Duo
46:03 - Enable ISE Device Admin (TACACS) Service
46:21 - ISE Network Device Configuration
47:00 - ISE Device Admin Policy Set
48:08 - ISE TACACS Profiles & Command Sets
49:02 - Network Device TACACS Configuration
50:08 - Login to IOS CLI with Duo MFA
50:38 - ISE Device Admin (TACACS) LiveLog & Reports
53:00 Protecting Network Access with Duo
54:55 EAP Flow with ISE & Duo
56:25 Slido Question
57:50 Demo: Network Access with Duo
58:37 - ISE Policy Set
59:11 - Client Supplicant (Cisco Secure Client/AnyConnect NAM) Configuration with EAP-GTC
1:00:00 - Network Access Authentication with Duo
1:00:24 - Review Authentication in ISE
1:01:25 - Review Authentication in Duo
1:02:03 Protecting RA-VPN Access with Duo MFA
1:02:18 - Using Duo Auth Proxy flow
1:03:35 - Using Duo SAML flow
1:05:03 Demo: Protecting RA-VPN Access with Duo Auth Proxy
1:05:23 - ISE RA-VPN Policy Set
1:06:05 - ASA VPN Config
1:08:20 - VPN Client Connection & ISE Logs
1:09:08 Protecting ISE Web Portals Access with Duo MFA
1:09:26 - Duo Auth Proxy flow
1:10:20 - Duo SAML flow
1:11:43 Slide Poll Question
1:13:10 Demo: ISE Web Portals Access with Duo MFA
1:14:06 - with Duo Auth Proxy
1:15:16 - with SAML
1:18:14 Duo Security Compliance Policy with Duo Device Health App
1:20:28 ISE & Duo Compliance Comparison
Resources:
Duo Auth Proxy Reference: duo.com/docs/authproxy-reference
ISE Integration Guides - Duo: cs.co/ise-guides#Duo
Duo with Cisco ISE RADIUS: duo.com/docs/ciscoise-radius Наука