Cisco Meraki Documentation

AnyConnect Posturing with DUO Device Trust

AnyConnect Posturing with DUO Device Health App

For additional AnyConnect information, refer to the AnyConnect configuration guide.

The definition of the workplace has evolved rapidly in the last two years, and security requirements have continued to change with it. Posturing has become more important for ensuring that a client device attempting to connect to your environment meets certain security requirements, irrespective of where it is connecting from.

To set up posturing with DUO, these requirements must be met:

1. An MX running firmware version 16.16+ or 17.6+
2. AnyConnect authentication set to SAML with DUO as the Identity Provider
3. DUO Beyond subscription
4. Device Health Policy configured in DUO

Posturing of AnyConnect remote access users can be accomplished with DUO Device Trust. The screenshot below shows a device health policy configured within DUO to block access for users who have their client Firewall turned off.

Screenshot of the Duo Device Trust Dashboard Client Policy editor
 

Gif depicting the Cisco DUO push mechanism when accessing protected applications.

Policy enforcement and User Remediation: We can see DUO Identify enforcing the configured Firewall policy requirement by leveraging data from the Device Health App running on the client. The user is prompted to turn on the Firewall on their device before they can connect to the AnyConnect VPN Server.

For more information and details on configuration see: 
How to configure DUO Device Trust.

 

For Meraki related inquiries contact meraki-anyconnect-beta@cisco.com
