Sunday, August 5, 2018

Cisco ISE, AzureMFA, VPN timeouts on phone call but not the other forms of verification

Hey guys,

We've implemented multi-factor in our VPN environment, but we are having an issue with the phone call timing out, so to speak. The other forms of auth, such as the tokens and text verification, work fine. In brief, we connect using Cisco AnyConnect to our Cisco ASA; the ASA uses RADIUS auth to ISE, which in turn uses RADIUS auth to our on-premises AzureMFA server.

This works great, and the phone call auth does too... if you answer the call and press pound within 10 seconds of entering your creds. You can't even listen to the instructions before the session times out and you have to retry. I've noticed in the RADIUS logs on Azure that there is another RADIUS attempt at the 10 second mark, thus making the previous attempt obsolete.

I've seen things on changing the retry value on our ASA to something more than 10 seconds but that is the max amount supported. Plus, it doesn't make sense that the other forms of MFA aren't timing out after 10 seconds.

If anyone has any experience implementing this or had the same issue, any help is appreciated.
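To confirm the pattern described in the post (a second RADIUS request arriving while the first is still waiting on the phone call), the added example below flags repeated requests in a log export. It is not code from the post or from any vendor; the log layout, event names and usernames are assumptions constructed for illustration and must be adapted to the real export.

```python
from datetime import datetime

# Constructed sample records, NOT real Azure MFA Server log output.
# Assumed layout per line: date time username event
SAMPLE_LOG = """\
2018-01-01 09:00:00 alice ACCESS-REQUEST
2018-01-01 09:00:10 alice ACCESS-REQUEST
2018-01-01 09:00:20 alice ACCESS-REQUEST
2018-01-01 09:00:27 alice ACCESS-ACCEPT
2018-01-01 09:05:00 bob ACCESS-REQUEST
2018-01-01 09:05:04 bob ACCESS-ACCEPT
"""

TIME_FORMAT = "%Y-%m-%d %H:%M:%S"


def find_superseded_requests(log_text):
    """Return (user, time_of_unanswered_request, gap_seconds) for every
    request that was repeated before the earlier one got a reply."""
    pending = {}   # user -> timestamp of the request still awaiting a reply
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed layout
        seen_at = datetime.strptime(f"{parts[0]} {parts[1]}", TIME_FORMAT)
        user, event = parts[2], parts[3]
        if event == "ACCESS-REQUEST":
            if user in pending:
                # A new request arrived while the previous one was unanswered.
                gap = int((seen_at - pending[user]).total_seconds())
                findings.append((user, pending[user].strftime("%H:%M:%S"), gap))
            pending[user] = seen_at
        else:
            # Any reply (accept or reject) closes the pending request.
            pending.pop(user, None)
    return findings


if __name__ == "__main__":
    for user, started, gap in find_superseded_requests(SAMPLE_LOG):
        print(f"{user}: request at {started} superseded after {gap}s")
```

A gap that is the same on every finding points at a fixed retransmit timer somewhere upstream in the chain rather than at the user responding slowly.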


