Juniper SSL VPN and Duo Security Integration

 

Sign up for a Duo Account

* Sign up for a Duo account here

Create a new Juniper SSL VPN Integration

* Log in to the Duo Admin Panel
* Select Integration > New Integration to bring up the New Integration page
* Select:
– Integration type: Juniper SSL VPN
– Integration name: Duo Demo
* Click the Create Integration button

* Download Duo Juniper for 7.x firmware, e.g. Duo-Juniper-7.x-v7-2932-6069-68.zip

Configure Juniper SSL VPN

* Log in to the Juniper admin console

Modify Sign-In Page

* Select Authentication > Signing In > Sign-In Pages
* Click Upload Custom Pages…

* Enter:
– Name: Duo Demo
– Page Type: Access
– Templates File: browse to Duo-Juniper-7.x-v7-2932-6069-68.zip
– Skip validation checks during upload: checked

* Click Update Custom Pages

Add Duo LDAP Auth Server

* Select Authentication > Auth. Servers
* Select New: LDAP Server
* Click New Server…

* Enter:
– Name: Duo LDAP
– LDAP Server: replace_with_APIHostname
– LDAP Port: 636
– LDAP Server Type: Generic
– Connection: LDAPS

– Authentication required to search LDAP: checked
– Admin DN: dc=replace_with_integration_key,dc=duosecurity,dc=com
– Password: secret_key

– Base DN: dc=replace_with_integration_key,dc=duosecurity,dc=com
– Filter: cn=<USER>

* Click Save and ignore the warning message
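
The LDAP server settings above can be checked before they are saved. The following is an added example, not part of the original post or of Duo's or Juniper's tooling: a small lint that flags leftover placeholders, a non-LDAPS connection, and mismatched DNs. The dictionary keys, the sample values, and the assumed shapes of the integration key and API hostname are illustrative assumptions.

```python
import re

# Assumed shapes (not stated on the page): a Duo integration key is 20
# characters starting with "DI"; an API hostname is api-<id>.duosecurity.com.
IKEY_RE = re.compile(r"^DI[A-Z0-9]{18}$")
HOST_RE = re.compile(r"^api-[0-9a-z]+\.duosecurity\.com$")
DN_RE = re.compile(r"^dc=([^,]+),dc=duosecurity,dc=com$")


def lint_duo_ldap(cfg):
    """Return a list of findings for the 'Duo LDAP' auth server settings."""
    findings = []
    for key, value in cfg.items():
        if "replace_with" in str(value):
            findings.append(f"{key}: placeholder text was not replaced")
    if not HOST_RE.match(cfg.get("ldap_server", "")):
        findings.append("ldap_server: not a Duo API hostname")
    # Plain LDAP would carry the secret key and passcodes unencrypted.
    if cfg.get("connection") != "LDAPS" or cfg.get("ldap_port") != 636:
        findings.append("connection: must be LDAPS on port 636")
    m = DN_RE.match(cfg.get("admin_dn", ""))
    if not m or not IKEY_RE.match(m.group(1)):
        findings.append("admin_dn: expected dc=<integration key>,dc=duosecurity,dc=com")
    if cfg.get("base_dn") != cfg.get("admin_dn"):
        findings.append("base_dn: must equal admin_dn")
    if cfg.get("filter") != "cn=<USER>":
        findings.append("filter: expected cn=<USER>")
    if not cfg.get("auth_required"):
        findings.append("auth_required: search authentication must be checked")
    return findings


# Constructed sample settings; the key and hostname are not real values.
GOOD = {
    "ldap_server": "api-0a1b2c3d.duosecurity.com",
    "ldap_port": 636,
    "connection": "LDAPS",
    "auth_required": True,
    "admin_dn": "dc=DIEXAMPLEKEY00000000,dc=duosecurity,dc=com",
    "base_dn": "dc=DIEXAMPLEKEY00000000,dc=duosecurity,dc=com",
    "filter": "cn=<USER>",
}
# Constructed bad variant: placeholder left in place and an unencrypted connection.
BAD = dict(GOOD, ldap_server="replace_with_APIHostname", ldap_port=389, connection="plain")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_duo_ldap(cfg) or "ok")
```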

Configure Secondary Auth Server for a User Realm

* Select Users > User Realms > Select Realm
* Check Additional authentication server checkbox
* Select or enter:
– Authentication #2: Duo LDAP
– Username is: predefined as <USER>
– Password is: specified by user on sign-in page
– End session if authentication against this server fails: checked

* Click Save Changes
* Select Authentication Policy > Password
* On the Options for additional authentication server panel, select:
– Allow all users (passwords of any length)
* Click Save Changes

Configure Sign-In Policy for Secondary Auth

* Select Authentication > Signing In > Sign-in Policies
* Select the sign-in policy to which you want to add Duo Security, e.g. */rdp/
* Select:
– Duo Demo from the Sign-in page list
– Selected realms: realm_configured_previously

* Click Save Changes

Test

Create Duo User

* Log in to the Duo Admin site
* Select Users > +New User
* Add a new user with a username matching your Juniper user, e.g. testrdp1

* Add a phone for the newly created user

Test Juniper VPN

* Log in to Juniper VPN as usual

* Click SMS to send a text code
* Enter the received text code into the Passcode field

* Click the Log in > button
* You should be logged in
