Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1850
Views
0
Helpful
4
Replies

Cisco AnyConnect Multifactor authentication Failed on Conn profile

Go to solution
waqasrd_99
Level 1
Level 1

‎07-05-2022 07:43 AM

Hi,

We have setup AnyConnect MFA with Azure (using NPS extension). It is working fine with the test connection profile. But it failed on Prod Connection profile. Both using same LDAP user groups. NPS servers and policies are identical. User receives text code on mobile but does not get authenticated. Weirdly, user can complete authentication with Microsoft authenticator Application. Is there anything missing on Prod Connection profile or Group policies or Azure?

 

Thanks 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
waqasrd_99
Level 1
Level 1

‎07-24-2022 03:46 AM

Thanks for your support. Issue was actually with timeout settings of radius server on ASA set to 10 seconds. I changed to 30 seconds and now users can connect via text code and 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎07-05-2022 09:22 AM

>From ASA can you 'debug ldap' to see whether ASA is receiving successfull
authentication response after MFA or not. This way you narrow down you
troubleshooting. If ASA is not receiving correct response from NPS after
user put the code then you need to look at NPS.

***** please remember to rate useful posts
0 Helpful

Go to solution
waqasrd_99
Level 1
Level 1
In response to Mohammed al Baqari

‎07-05-2022 09:58 AM

Hi Mohammad,

 

Thank you for your response. it is working fine on the test connection profile. We are using same NPS server and ldap user group for both. Unfortunately,  I cant debug because its in Production. I am keen to get root cause what could be wrong with Production connection profile? 

0 Helpful

Go to solution
Mohammed al Baqari
Level 11
Level 11
In response to waqasrd_99

‎07-05-2022 10:37 AM

Debug ldap won't cuz load on ASA. Without debugs, we can't findout
0 Helpful

Go to solution
waqasrd_99
Level 1
Level 1

‎07-24-2022 03:46 AM

Thanks for your support. Issue was actually with timeout settings of radius server on ASA set to 10 seconds. I changed to 30 seconds and now users can connect via text code and 

0 Helpful
Customers Also Viewed These Support Documents
Top