You could do the same with ADFS. You could add MFA to the SAML workflow in ADFS then, as has been stated, your authentication would be AnyConnect > ASA > ADFS (with MFA prompting). I think that would work.
I'm working on similar stuff and I use ISE as well.
... View more
Hi, I am having issues with configuring performance monitor (medianet) on an ASR1002-X. The command '(config)#policy-map type performance-monitor' does not exist despite documentation stating otherwise. All the other required commands work fine. Just this one does not. I have tried various different software versions including the recommended and the latest. Current SW version (cisco recommended) asr1002x-universalk9.03.07.06.S.152-4.S6.SPA.bin Installed Licences Index 1 Feature: adventerprise Index 2 Feature: advipservices Index 3 Feature: ipbase Index 4 Feature: avc Index 7 Feature: cube_250 Index 8 Feature: cube_250_red Index 10 Feature: cube_ent_100_red Index 14 Feature: firewall Index 15 Feature: fpi Index 16 Feature: fwnat_red Index 17 Feature: gtp_addon_aic NAME: "Chassis", DESCR: "Cisco ASR1002-X Chassis" PID: ASR1002-X , VID: V01, SN: xxxxxxxxxxxx NAME: "module 0", DESCR: "Cisco ASR1002-X SPA Interface Processor" PID: ASR1002-X , VID: , SN: NAME: "SPA subslot 0/0", DESCR: "6-port Built-in GE SPA" PID: 6XGE-BUILT-IN , VID: , SN: NAME: "module R0", DESCR: "Cisco ASR1002-X Route Processor" PID: ASR1002-X , VID: V01, SN: xxxxxxxxxxxx NAME: "module F0", DESCR: "Cisco ASR1002-X Embedded Services Processor" PID: ASR1002-X , VID: , SN: Is this supported? Any ideas what I am doing wrong? Thanks
... View more