We are wanting to use MFA with our Cisco VPN solution. We already have MFA working with our 365 solution, but want to leverage this for our VPN as well.
Right now I have a working VPN authentication to Clearpass and have a separate service created that I will be testing with. I have a fresh NPS server setup and the ASA I am testing with is sending requests to the NPS server.
The issue I am having now is am I using the right order for authentication for this setup?
ASA (VPN) --> MS NPS --> Clearpass ---> AD
Or Should I be doing this?
ASA (VPN)--> Clearpass ---> MS NPS --- AD
The first one seems like the correct way, but what I see now is the VPN login hits the NPS but never forwards the request to Clearpass. I am trying to get this working before I do the Azure Connect to NPS for the secondary Auth. I know I need to configure the NPS a bit more, but want to make sure I have the logical flow correct before digging too deep.
Any help with the path question will help me greatly. Thanks.