Using Two-Step Login with Cisco AnyConnect VPN

When you connect to a VPN service protected by two-step login, you will be presented with an additional password field on the authentication screen. This field may be labeled "Second Password" or "Duo Passcode":

You will need to enter an appropriate value into the "Second Password" or "Duo Passcode" field in order to log in.

The accepted values include:

Value Function
<passcode value>        Log in using a passcode, either generated with Duo Mobile, sent via SMS, generated by your hardware token, or provided by an administrator. Examples: "123456" or "1456789"
push Push a login request to your phone (if you have Duo Mobile installed and activated on your smart device). Just review the request and tap Approve to log in.
phone Authenticate via phone callback.
sms Request a new batch of SMS passcodes. Your authentication attempt will be denied. You can then authenticate with one of the newly delivered passcodes.

You can also add a number to the end of these factor names if you have more than one device registered. For example, push2 will send a login request to your second phone, phone3 will call your third phone, etc.

For more detail, visit https://guide.duo.com/anyconnect.

Details

Article ID: 41018
Created
Wed 10/18/17 2:56 PM
Modified
Wed 3/23/22 4:21 PM

Related Articles (4)

This article outlines the steps to set up multi-factor authentication (MFA) or two-step (or two-factor) authentication (2FA), to the most common service providers.
A guide to all the ways to complete a two-step login
Tips for optimizing your experience with Duo two-step login.
A brief description of how to register new and manage existing devices with Duo.