Currently, I'm using RADIUS authentication for VPN. I'm using Active Directory servers as the RADIUS. I'm also using the Windows 10 native VPN client. So when a user logs in, they open their Windows 10 VPN client, then enter their Active Directory username and password, and if everything is correct, they're connected to the VPN.
I would like to enable 2FA on the VPN. If I understand correctly, I cannot do this from the native Windows 10 VPN, but I can do this from AnyConnect? How exactly would I do this? So when a user types in their AD credentials, I would like them to enter the correct PIN or something like that as a secondary authentication method.
I know I have to use third-party vendors such as Duo, RSA, Azure, etc. for the 2nd part of the authentication.
From my research, Duo is the easiest to set up. Anyone else using RSA or Azure? The below post says I need to contact Meraki to adjust the timeout settings.
https://community.meraki.com/t5/Security-SD-WAN/Using-DUO-for-2FA-how-to/td-p/38442