cancel
Showing results for 
Search instead for 
Did you mean: 

Pulse Connect Secure 2 site Cluster, 2nd device can't use DUO to login

SOLVED
Highlighted
New Contributor

Pulse Connect Secure 2 site Cluster, 2nd device can't use DUO to login

Hello!

I have two pulse connect secure devices,

These are clustered together and share the same configuration at two different geographic locations.

I have inegrated MFA with DUO - https://duo.com/docs/pulseconnect

The first device comes up fine, when I test the API connection I get:

info: For server api-XXXXXXX.duosecurity.com at port XXX
LDAP server is reachable.

The 2nd device didn't do so well, even though the walkthrough says to ignore errors:

error: For server api-XXXXXXX.duosecurity.com at port XXX
LDAP Server is unreachable. Check the server address, port, and connection type.

Here is the logs from the 2nd device:

Info AUT24327 2017-08-29 12:26:29 -XX-XX-PULSE - [172.17.X.X]XXXX/XXXX/XXXX[] - Secondary authentication failed for XXXXX/DUO-LDAP from 172.17.X.X

Minor AUT23391 2017-08-29 12:26:29 - XX-XX-PULSE - [172.17.X.X] XXXX/XXXX/XXXX[] - Could not connect to LDAP server 'DUO-LDAP': Failed binding to admin DN: [81] Can't contact LDAP server: api-XXXXX.duosecurity.com:XXX

Info AUT23278 2017-08-29 12:26:29 - XX-XX-PULSE - [172.17.X.X] XXXX/XXXX/XXXX[] - Password realm restrictions successfully passed for XXXX/XXXX/XXXX

Info AUT24326 2017-08-29 12:26:29 - XX-XX-PULSE - [172.17.X.X] XXXX/XXXX/XXXX[] - Primary authentication successful for XXXX/XXXX/XXXX from 172.17.X.X

The first device FW shows constant SSL traffic while the 2nd one isn't talking to DUO.

Is this a pulse limitation, a duo limitation, or something else?
1 ACCEPTED SOLUTION

Accepted Solutions
New Contributor

Re: Pulse Connect Secure 2 site Cluster, 2nd device can't use DUO to login

It was the firewall..... Fixed

View solution in original post

1 REPLY 1
New Contributor

Re: Pulse Connect Secure 2 site Cluster, 2nd device can't use DUO to login

It was the firewall..... Fixed

View solution in original post