Jump to content
Welcome to our new Citrix community!

ADC VPX vs RADIUS (NPS) Extension for Azure MFA


Recommended Posts

Good Afternoon,

I have an ADC VPX HA pair where I try to configure Azure MFA. Following one of the online guides, I configured the on-prem NPS with the required extension and it works as expected. I faced the challenge when I tried to configure IP whitelisting. Due to the NPS configuration, i cannot achieve this with Azure side configuration. I modified the "IP_WHITELIST" registry key on the NPS server and enabled the "Send Calling Station ID" and "Send tunnel Endpoint Client IP" options on the Netscaler RADIUS server configuration. I can see in the NPS logs that the public IP of the client is being sent across, however i'm constantly receiving the "NPS Extension for Azure MFA: IP_WHITE_LIST_WARNING::IP Whitelist is being ignored as source IP is missing in RADIUS request in NasIpAddress attribute." error in the AuthZAdminCh logs. I am wondering if anyone has had this issue before?

Thank you in advance,

Peter

Link to comment
Share on other sites

Hi Julian,

 

thank you for your response. My target setup is exactly what you have mentioned. Due to some security measurements, not everyone at the company is allowed to access the environment outside of the office. Only people who are working from remote locations should be challenged with MFA. Thank you for the idea, I will look at the filtering options, and will update this thread with the outcome. 

 

Best regards,

Peter

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...