Showing results for 
Search instead for 
Did you mean: 

AnyConnect no login with AD credentials No internal net connection

I am new to Cisco Firepower devices and trying to setup a Firepower 1140 with VPN and wanting to use our Windows AD server for login credentials with AnyConnect. It looks like the outside tunnel is setup I can reach the log in page getting a certificate error but when trying to log in with AD cred's I get a failed log in. 

I have created the AD Server as an object and made it the Primary and secondary ID source same thing for DNS and using the Default Internal Cert.  I have included some extra information bellow

2nd not as concerning I cannot access the user instruction page from the internal network so users can download pre-configured AnyConnect for the VPN connection


> show running-config tunnel-group
tunnel-group xx.xx.181.122 type ipsec-l2l
tunnel-group xx.xx.181.122 general-attributes
default-group-policy |s2sGP|xx.xx.181.122
tunnel-group xx.xx.181.122 ipsec-attributes
ikev2 remote-authentication pre-shared-key ****************************
ikev2 local-authentication pre-shared-key *******************************
tunnel-group Exxtr_VPN type remote-access
tunnel-group Exxtr_VPN general-attributes
address-pool VPN_Network
authentication-server-group Exxtr-SVR-01 LOCAL
secondary-authentication-server-group Exxtr-SVR-01 LOCAL
authorization-server-group Exxtr-SVR-01
tunnel-group Exxtr_VPN webvpn-attributes
group-alias Exxtr_VPN enable
> show running-config group-policy
group-policy DfltGrpPolicy attributes
banner value Welcome
banner value This portal is for authorized users only.
dns-server value
vpn-simultaneous-logins 3
vpn-session-timeout 550
vpn-tunnel-protocol ssl-client
anyconnect ssl dtls none
anyconnect profiles value defaultClientProfile type user
group-policy |s2sGP| internal
group-policy |s2sGP| attributes
vpn-tunnel-protocol ikev2
> show running-config aaa-server
aaa-server Exxtr-SVR-01 protocol ldap
realm-id 3
aaa-server Exxtr-SVR (inside) host
server-port 389
ldap-base-dn CN=Users, CN=Builtin, DC=exxtr, DC=local
ldap-scope subtree
ldap-login-password ******************************************
server-type auto-detect