676 Views, 0 Helpful, 6 Replies

AnyConnect no login with AD credentials No internal net connection

I am new to Cisco Firepower devices and trying to set up a Firepower 1140 with VPN, and wanting to use our Windows AD server for login credentials with AnyConnect. It looks like the outside tunnel is set up: I can reach the login page (getting a certificate error), but when trying to log in with AD creds I get a failed login.

I have created the AD server as an object and made it the primary and secondary ID source, same thing for DNS, and I am using the default internal cert. I have included some extra information below.

2nd, not as concerning: I cannot access the user instruction page from the internal network so users can download the pre-configured AnyConnect for the VPN connection.

> show running-config tunnel-group
tunnel-group xx.xx.181.122 type ipsec-l2l
tunnel-group xx.xx.181.122 general-attributes
default-group-policy |s2sGP|xx.xx.181.122
tunnel-group xx.xx.181.122 ipsec-attributes
ikev2 remote-authentication pre-shared-key ****************************
ikev2 local-authentication pre-shared-key *******************************
tunnel-group Exxtr_VPN type remote-access
tunnel-group Exxtr_VPN general-attributes
address-pool VPN_Network
authentication-server-group Exxtr-SVR-01 LOCAL
secondary-authentication-server-group Exxtr-SVR-01 LOCAL
authorization-server-group Exxtr-SVR-01
tunnel-group Exxtr_VPN webvpn-attributes
group-alias Exxtr_VPN enable
>
>
> show running-config group-policy
group-policy DfltGrpPolicy attributes
banner value Welcome
banner value This portal is for authorized users only.
dns-server value 192.168.1.238
vpn-simultaneous-logins 3
vpn-session-timeout 550
vpn-tunnel-protocol ssl-client
webvpn
anyconnect ssl dtls none
anyconnect profiles value defaultClientProfile type user
group-policy |s2sGP|xx.xxx.181.122 internal
group-policy |s2sGP|xx.xxx.181.122 attributes
vpn-tunnel-protocol ikev2
>
>
>
> show running-config aaa-server
aaa-server Exxtr-SVR-01 protocol ldap
realm-id 3
aaa-server Exxtr-SVR (inside) host 192.168.1.238
server-port 389
ldap-base-dn CN=Users, CN=Builtin, DC=exxtr, DC=local
ldap-scope subtree
ldap-login-password ******************************************
ldap-login-dn XXXXXXXXXXXXXXXXXXXXXXX.com
server-type auto-detect
>
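The `aaa-server` block above carries the settings that decide whether the LDAP bind and the user search succeed: the bind account (`ldap-login-dn`), the search root (`ldap-base-dn`), the scope and the port. The following is an added example, not Cisco code and not part of the original post; it lints those settings offline so that the obvious configuration faults are ruled out before packet captures or `debug ldap` are needed. The sample configuration inside it is transcribed from the post with the same redactions, and the checks assume a default Active Directory layout, in which `CN=Users` and `CN=Builtin` are sibling containers directly under the domain naming context.

```python
"""Lint the LDAP settings of a Cisco ASA/FTD aaa-server block (added example,
not Cisco code). The findings are heuristics for a default AD domain."""
import re

# Constructed sample: the aaa-server block from the forum post, redactions kept.
SAMPLE_CONFIG = """\
aaa-server Exxtr-SVR-01 protocol ldap
realm-id 3
aaa-server Exxtr-SVR (inside) host 192.168.1.238
server-port 389
ldap-base-dn CN=Users, CN=Builtin, DC=exxtr, DC=local
ldap-scope subtree
ldap-login-password ******************************************
ldap-login-dn XXXXXXXXXXXXXXXXXXXXXXX.com
server-type auto-detect
"""

# Default AD containers that sit directly under the domain naming context.
AD_TOP_LEVEL_CONTAINERS = {"users", "computers", "builtin"}


def parse_dn(dn):
    """Split an RFC 4514 DN into (attr, value) pairs, honouring backslash escapes.
    Attribute names are lower-cased and whitespace around commas is stripped."""
    rdns, buf, pairs, i = [], [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):      # escaped character, keep as-is
            buf.append(dn[i:i + 2]); i += 2; continue
        if ch == ",":
            rdns.append("".join(buf)); buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))
    for rdn in rdns:
        if "=" not in rdn:
            raise ValueError("RDN without '=': %r" % rdn)
        attr, value = rdn.split("=", 1)
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def parse_aaa_server(text):
    """Collect the LDAP-relevant keys of one aaa-server host block into a dict."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r"\s*(server-port|ldap-base-dn|ldap-login-dn|server-type|ldap-scope)\s+(.*)$", line)
        if m:
            cfg[m.group(1)] = m.group(2).strip()
        m = re.match(r"\s*aaa-server\s+\S+\s+\(\S+\)\s+host\s+(\S+)", line)
        if m:
            cfg["host"] = m.group(1)
    return cfg


def lint(cfg):
    """Return a list of finding strings; an empty list means nothing obvious is wrong."""
    findings = []
    base = cfg.get("ldap-base-dn", "")
    if ", " in base:
        findings.append("base DN contains spaces after commas; write it as CN=...,DC=... without spaces")
    try:
        pairs = parse_dn(base)
    except ValueError as e:
        findings.append("base DN does not parse: %s" % e)
        pairs = []
    dcs = [v for a, v in pairs if a == "dc"]
    if not dcs:
        findings.append("base DN has no DC components, so it is not rooted in a domain naming context")
    # CN=Users and CN=Builtin are siblings under the domain root in a default AD
    # domain; nesting two of them names an object that does not exist, and a
    # subtree search rooted there returns no user to authenticate.
    top = [v.lower() for a, v in pairs if a != "dc" and v.lower() in AD_TOP_LEVEL_CONTAINERS]
    if len(top) > 1:
        findings.append("base DN nests %s, which are sibling containers in AD; "
                        "a subtree search there returns nothing" % " and ".join(top))
    login = cfg.get("ldap-login-dn", "")
    if "=" not in login:
        findings.append("ldap-login-dn is not in DN syntax; verify the bind account "
                        "independently (e.g. ldapsearch) before relying on it")
    if cfg.get("server-port", "389") == "389":
        findings.append("server-port 389 is cleartext LDAP; a DC that requires LDAP signing "
                        "rejects simple binds here (resultCode 8, strongerAuthRequired); "
                        "use port 636 with 'ldap-over-ssl enable'")
    return findings


def lint_config_text(text):
    """Convenience wrapper: parse the block and lint it in one call."""
    return lint(parse_aaa_server(text))


if __name__ == "__main__":
    for f in lint_config_text(SAMPLE_CONFIG):
        print("-", f)
```

Run against the pasted block the script reports four findings: the spaces in the base DN, the nested `CN=Users, CN=Builtin` containers, the non-DN bind account, and the cleartext port. A corrected block with `ldap-base-dn CN=Users,DC=exxtr,DC=local`, a full DN for `ldap-login-dn` and `server-port 636` produces no findings; it still has to be confirmed against the directory itself, since the linter only checks syntax and the default container layout, not whether the bind account or the user objects exist.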