08-20-2018 07:54 AM
I had MFA setup with Anyconnect working, had to disable temporarily while doing a move to get regular users ability to VPN, and now that we are fully migrated, want to enable the 2FA permanently, however, in doing patching, the firewall was upgraded to 9.8 and now when enabling the policy for 2FA VPN, it prompts for 2 usernames (which I found where to disable) and 2 passwords. How do I eliminate that second password since PINGid is used for the second factor, and is still working, but that second password field is causing login failure.
08-22-2018 02:29 AM
can you please share relevant configuration,
thanks
08-22-2018 05:32 AM
I found the issue, somehow second auth was configured on the tunnel group. The other issue is with Ping. I had found a bug in 9.8.2.38 with flash being locked and rolled back to 9.6.2, the configuration was still there, so digging through CLI I found the second auth and removed it. Now I get the normal auth popup I am looking for. Now to figure out why PING is rejecting my password.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide