New Contributor

Anyconnect VPN NPS Clearpass Setup Question

We are wanting to use MFA with our Cisco VPN solution. We already have MFA working with our 365 solution, but want to leverage this for our VPN as well.

Right now I have a working VPN authentication to Clearpass and have a separate service created that I will be testing with. I have a fresh NPS server set up, and the ASA I am testing with is sending requests to the NPS server.

The issue I am having now is: am I using the right order for authentication for this setup?

ASA (VPN) --> MS NPS --> Clearpass ---> AD

Or should I be doing this?

ASA (VPN)--> Clearpass ---> MS NPS --- AD

 

The first one seems like the correct way, but what I see now is the VPN login hits the NPS but never forwards the request to Clearpass.  I am trying to get this working before I do the Azure Connect to NPS for the secondary Auth.  I know I need to configure the NPS a bit more, but want to make sure I have the logical flow correct before digging too deep. 

 

Any help with the path question will help me greatly.  Thanks. 


Accepted Solutions
MVP Expert

Re: Anyconnect VPN NPS Clearpass Setup Question

You will need to use the second option with the Azure NPS connect; ClearPass will need to proxy all the requests to NPS.



Thank you

Victor Fabian

Pardon typos sent from Mobile
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA



All Replies
New Contributor

Re: Anyconnect VPN NPS Clearpass Setup Question

Thank you. That answers my question exactly.

Frequent Contributor I

Re: Anyconnect VPN NPS Clearpass Setup Question

Integrate your ASA directly with Azure AD and use Conditional Access to enforce policy. There is no need to go through CPPM.

 

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/cisco-anyconnect
