Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
753
Views
0
Helpful
1
Replies

ANYCONNECT secondID ON CISCO1921

FERTHOFELES
Level 1
Level 1

‎07-03-2020 08:40 PM

Hi everyone,

 

I am in trouble, I have configured a router CISCO1921, I have access and it works good, but now I need to add a second authentication, before I used a Firewall ASA, I would like to replicate it,  my config on ASA :

ip local pool POOL_PRUEBA1 X.X.X.X

webvpn

  anyconnect profiles PRUEBA_client_profile disk0:/PRUEBA_client_profile.xml

group-policy GroupPolicy_PRUEBA internal
group-policy GroupPolicy_PRUEBA attributes
  wins-server none
  dns-server none
  vpn-tunnel-protocol ikev2 ssl-client
  default-domain none
  webvpn
     anyconnect profiles value PRUEBA_client_profile type user

tunnel-group PRUEBA type remote-access
tunnel-group PRUEBA general-attributes
   address-pool POOL_PRUEBA
   secondary-authentication-server-group SecID
   default-group-policy GroupPolicy_PRUEBA

tunnel-group PRUEBA webvpn-attributes
group-alias PRUEBA enable

 

Is it possible to have tunnels and second Authentication?

Labels:
0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎07-04-2020 12:18 AM

Hi,

Yes this is possible on the 1921 router, the solution is called FlexVPN.

Here are the configuration guides, with plenty of example configuration:-

https://www.cisco.com/c/en/us/support/security/flexvpn/products-configuration-examples-list.html

 

Any further queries just ask.

HTH

0 Helpful
Customers Also Viewed These Support Documents