
AnyConnect Not Using SAML Auth

CiscoMedMed
Level 1

I am trying to get AnyConnect to work with SAML per the URL below. First I found out my 4.5 AnyConnect client needed to be upgraded. But I didn't see a Windows installer per se on the Cisco download page. But AnyConnect was available on the Windows Store. Should that be a valid client? I want to install AnyConnect on laptops without having employees go to the ASA and download etc.

 

Second - when I am connecting using the AnyConnect from MS store I am not presented with a choice of group. It's using the DefaultWebVPNGroup but my SAML is associated with another group. Is there a way to get my preferred profile to be the default? 

 

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/215935-configure-asa-anyconnect-vpn-with-micros.html

 

AnyConnect on MS Store: https://www.microsoft.com/en-us/p/anyconnect/9wzdncrdj8lh?activetab=pivot:overviewtab

3 Replies

@CiscoMedMed you can just upload the latest version to the ASA and the clients will automatically upgrade upon connecting to the VPN. You need to either configure a group-alias and enable the drop-down list for the users to select the new group or create a group-url.

 

More information:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98580-enable-group-dropdown.html
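An added example, not part of the thread or of Cisco's documentation: a small Python check over an ASA running-config that lists SAML tunnel-groups with no enabled group-url and no usable group-alias, which is the situation where clients end up in the default group. The sample config, group names and URLs are constructed placeholders.

```python
import re

# Constructed sample running-config; names and URLs are placeholders.
SAMPLE_CONFIG = """\
webvpn
 enable outside
 anyconnect enable
tunnel-group DefaultWEBVPNGroup webvpn-attributes
 authentication aaa
tunnel-group SAML-VPN type remote-access
tunnel-group SAML-VPN webvpn-attributes
 authentication saml
 saml identity-provider https://idp.example.test/entity
tunnel-group LDAP-VPN webvpn-attributes
 authentication aaa
 group-alias Staff enable
 group-url https://vpn.example.test/staff enable
"""

def audit_tunnel_groups(config):
    """Map each webvpn tunnel-group to its auth method and selectors (auth assumed 'aaa' if unset)."""
    groups, current, section, list_enabled = {}, None, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # top-level line starts a new section
            m = re.match(r"tunnel-group (\S+) webvpn-attributes$", line)
            current = groups.setdefault(m.group(1), dict(auth="aaa", aliases=[], urls=[])) if m else None
            section = line
        elif section == "webvpn" and line == "tunnel-group-list enable":
            list_enabled = True
        elif current is not None and line:
            words = line.split()
            if words[0] == "authentication":
                current["auth"] = " ".join(words[1:])
            elif words[0] == "group-alias" and words[-1] == "enable":
                current["aliases"].append(words[1])
            elif words[0] == "group-url" and words[-1] == "enable":
                current["urls"].append(words[1])
    for g in groups.values():
        # An alias only helps if the drop-down list is enabled under webvpn.
        g["selectable"] = bool(g["urls"]) or (list_enabled and bool(g["aliases"]))
    return groups

def unreachable_saml_groups(config):
    """SAML groups a client cannot select by group-url or drop-down alias."""
    return sorted(n for n, g in audit_tunnel_groups(config).items()
                  if "saml" in g["auth"] and not g["selectable"])
if __name__ == "__main__":
    print(unreachable_saml_groups(SAMPLE_CONFIG))
```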

 

I was able to identify the right packet to download and got the Cisco 4.10 client straight from Cisco. Oddly now I am getting a certificate error. With the earlier 4.5 AnyConnect I got no certificate error and could connect via LDAP. And with the Windows Store AnyConnect I connected at least via LDAP. "No valid certificates for authentication". If I browse to the outside of the ASA there's definitely a valid cert.

 

https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/smb5686-install-cisco-anyconnect-secure-mobility-client-on-a-windows.html?referring_site=RE&pos=1&page=https://www.cisco.com/c/en/us/support/security/anycon...

@CiscoMedMed hard to tell with no information. Did you change the configuration? The message would imply that it's attempting to perform certificate authentication and there are no certificates available. Provide your ASA configuration, enable debugs on the ASA and provide the output for review.