The challenge:
A client needed 2-factor authentication in front of their Virtual Private Network (VPN) infrastructure to adhere to cybersecurity insurance requirements.The solution:
A Cisco Duo authentication proxy on high availability servers with multiple internet connections and a complete VPN infrastructure overhaul for simplicity and ease for users.The outcome:
The client now has increased security and a significantly improved VPN infrastructure across multiple companies and locations.Recently, Nexus Technology Partners was approached by one of our longstanding clients for help setting up 2-factor authentication for their VPN users. The client needed to adhere to cybersecurity insurance rules, and without 2-factor, they would not have been covered by insurance. If a security event were to occur, the client could potentially suffer a loss without the chance of reimbursement.
The client needed an effective way to implement 2-factor authentication for their VPN infrastructure without disrupting users and losing their existing investment.
Before we learn how Nexus helped, let's learn a little about 2-factor authentication from the video below, courtesy of Duo.
Solution: seamlessly implement the existing infrastructure with 2-factor authentication
On behalf of the client, we thoroughly researched and evaluated several of the industry-leading solutions, focusing on creating a secure, effective, user-friendly solution that was seamlessly accessible to all users.
After evaluating and comparing several 2-factor authentication products, Duo from Cisco Systems met our client’s requirements the best. While several other providers use six-digit codes for two-factor authentication, most required manual re-entry of the codes, which proved to be overly cumbersome for users.
With Cisco Duo, the authentication process is easy to use. Instead of requiring users to manually enter a six-digit code, Duo sends a simple push notification to their device. The user only needs to confirm their login attempt by tapping “Yes” if it’s legitimate or “No” if it’s not. This makes the login process both faster and more user-friendly.
We designed the system so that Duo’s authentication integrates perfectly with the VPN login process. When a user attempts to connect, Duo verifies their identity in the background. This approach adds an extra layer of protection without disrupting workflow, allowing users to log in with minimal effort while maintaining strong security.
Before implementing a company rollout, we conducted extensive testing in our environment using a virtual machine and server. During this research and development phase, we identified opportunities to optimize the client’s VPN server infrastructure, which did not natively support two-factor authentication. By adjusting specific timing parameters for timeouts and reconnects, we ensured the authentication proxy would not prompt users for two-factor authentication repeatedly after a successful login.
Rollout: teaching users the new, secure VPN infrastructure
As we validated the functionality of the two-factor authentication system, our team devised a phased implementation plan for the new feature. Initially, we deployed the server in the client’s environment while keeping their existing VPN operational in parallel. We began constructing the new VPN and integrated it with the client’s networks. After confirming its stability, we ensured that internal traffic was encrypted to prevent unauthorized access to credentials exchanged between the authentication proxy and the domain controller.
Once the infrastructure was fully implemented, we created personalized VPN configuration files for each user and established Duo accounts, assigning them to appropriate organizational units and security groups within Active Directory. These configuration files made the setup process easier for users on their devices, while Active Directory allowed us to organize and manage network access effectively.
To support the transition, we emailed employees to notify them that the old VPN would be decommissioned in three weeks. The communication included a detailed PDF outlining expectations and instructions for using the new VPN. Additionally, we worked individually with employees to ensure they understood how to configure and operate the new system, virtually eliminating any disruption during the transition.
These efforts paid off. The client experienced improved security across the organization, which provided peace of mind and satisfied cyber insurance eligibility requirements.
Outcome: Full-coverage support
Throughout this project, we took a hands-on approach to produce the best outcomes. The client’s Duo authentication proxy operates on our robust server cluster, which consists of multiple servers. This setup provides high reliability as our Duo authentication proxy service will continue functioning even if a server fails. Additionally, we provide three independent internet connections, ensuring that the VPN remains online and accessible even in the event of a carrier outage.
As part of our efforts, we optimized the client’s VPN infrastructure by consolidating their previously distributed VPN servers—located across several sites—into a single, centralized server. This centralization simplifies routing and enables seamless access to various locations through one unified system.
Looking ahead, there are countless opportunities to expand the use of two-factor authentication across various platforms and applications. With the right infrastructure in place, businesses can enhance security for VPN access, cloud applications, internal systems, and even customer portals—often without additional licensing costs.
At Nexus Technology Partners, we specialize in comprehensive IT solutions that go beyond just authentication.
Whether you're looking to implement 2FA across your organization, modernize your web presence, or optimize your network security, our team is ready to help. From VPN infrastructure to website development, we provide tailored solutions to keep your business secure and efficient.