We are using an ASA 5525-X to provide our users remote access VPN to our internal network. Recently, we've moved from locally-defined users to authenticating using SAML against our Azure AD server. This has been working fine, but with the locally-defined users we had separate group policies and connection profiles to provide separate address pools and separate access to certain resources. In trying to add the second trustpoint, we ran into an issue. In the config, under:
webvpn
 saml idp <our saml URL>
  trustpoint idp AzureAD-AC-SAML-NEW
It's only allowing us to have one of the 'trustpoint idp' lines. Is it not possible to do what we need? The biggest goal right now is to have various groups of users using different address pools.
Thank you!