About CiscoMedMed

CiscoMedMed · 12-30-2022

I have a long established ASA with one 1Gbps interface on the outside. There are many NATs and ACLs associatedwith that interface so I don't want to touch it. But I have more Azure ASR and backup traffic that I want to get to the edge switches withou...

CiscoMedMed · 12-01-2022

I've been using SAML on an AnyConnect VPN Connection Profile for some time to trigger MFA. But I would like to limit access of VPN to only members of a particular Windows Active Directorygroup. Can this be accomplished in ASDM by going to Advanced/Au...

CiscoMedMed · 08-16-2022

I've been symied for weeks on this "Authentication failed due to problem retrieving the single sign-on cookie". TAC helped me track it down to a certificate mismatch. My AWS engineer generated a new cert and this time the output looks closer to my wo...

CiscoMedMed · 08-05-2022

I have one ASA pair licensed for 750 AnyConnect Premium and a second ASA pair licensed for just 100.I only need fewer than 200 connections to either pair. I had read that there is somewhere that multiple ASAscould not share AnyConnect Premium licensi...

CiscoMedMed · 07-14-2022

I am trying to set up SAML for authentication to one of my ASAs. In order to not interfere with the current AnyConnect authentication I created a "group URL" - www.acme.com/SAML to trigger the new connection profile. Then within the SSO and SAML para...

CiscoMedMed · 07-15-2022

debug webspn ssl is showing a signature mismatch issue. Something with the cert - or the import method perhaps?[SAML] consume_assertion:PHNhbWxwOlJlc3Bvb....ybWF0aW9uRGF0YSBJblJlc3BJul 15 12:28:26 [Lasso] func=xmlSecOpenSSLEvpSignatureVerify:file=/lo...

CiscoMedMed · 07-15-2022

The "Reply URL" refers to what is sent back from Azure to the ASA, correct? I don't see anything called "Reply URL" within the ASA so I'm assuming that's the case.

CiscoMedMed · 07-15-2022

I removed the SAML Identity Provider info in ASDM and recreated it. Now the MFA request is getting to Azure. But the authentication failed due to retrieval of single sign on cookie.

CiscoMedMed · 07-15-2022

The result of removing the /SAML is that browser window pops up but now a message "Can't reach this page. Make sure https://https is correct." appears. I went back to Edit SSO Server parameters to make sure I didn't somehow include an https:// prefix...

CiscoMedMed · 07-15-2022

Great - I'll give that a try.

Member Since	‎12-28-2019 11:00 AM
Date Last Visited	‎01-26-2023 03:49 PM
Posts	163
Total Helpful Votes Received	85

User Statistics

User Activity

ASA 5525 Two Outside Interfaces on Same Subnet

Anyconect SAML and Restricting Access by AD Group

SAML ERROR SIGN ON COOKIE

Can AnyConnect Premium Licenses Be Shared Among Two ASA Pairs?

AnyConnect SAML Auth Yielding "Wrong URL" Error

Re: AnyConnect SAML Auth Yielding "Wrong URL" Error

Re: AnyConnect SAML Auth Yielding "Wrong URL" Error

Re: AnyConnect SAML Auth Yielding "Wrong URL" Error

Re: AnyConnect SAML Auth Yielding "Wrong URL" Error

Re: AnyConnect SAML Auth Yielding "Wrong URL" Error