We have been using the AnyConnect client and LDAP attribute maps to place clients in specific VPN groups on our Cisco ASA. We also use DUO for MFA in AnyConnect connections. This works fine, but clients often find the AnyConnect interface to be so...
Twice now in two days the Windows AnyConnect client has disappeared from the list of AnyConnect client images in our ASA. The image still exists in flash; it is just no longer listed in the client images (SSLVPN--->Client Settings). No other version of...
I'm trying to find a Windows AnyConnect stand-alone installer with DART. I can only find the web deploy package with DART for the Windows client, and we don't want to deploy that. I simply want one client to be able to run DART but there does not seem ...
We recently upgraded the OS X AnyConnect image on our ASA to 2.5.3051. For most people, including many others using OS X 10.6.8, this is working fine. However, we have one OS X 10.6.8 client who consistently sees this error: Network Access: Unavai...
We're setting up DHCP to a central DHCP server for SSLVPN clients on our ASA running 8.2, and it's not working yet. I've defined the DHCP server for the tunnel profile to use, and set the DHCP network scope for the group, which seems to be all that i...
You need to assign the LDAP attribute map to the local LDAP server that you have configured: aaa-server LDAP (Inside) host 111.222.222... ldap-attribute-map VPN_Group_Assignment Then in the VPN tunnel-group config you set SAML as the authentication met...
Rasmus, Did you assign the attribute map to the AAA server? aaa-server LDAP_Server (inside) host xxx.xxx.xxx.xxx ldap-attribute-map TEST-group-assign Does group mapping work when you are not using SAML but using the LDAP server for authentication...
Did you run any debugs on the ASA? That will show you exactly what the authorization server is returning, and may point you in the right direction. I found this command to be helpful: debug webvpn saml This is the correct debug command even if ...
Jordan, Were the LDAP attribute maps working previously? E.g., before you set up the SAML authentication? Or is this a new configuration? And you have configured the LDAP attribute map in the profile as AAA authorization, yes? It would be very helpful...
This document; please see my follow-up post as well: https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/vpn/asa-97-vpn-config/webvpn-configure-users.html