We would like to move from Cisco web-based VPN due to MS moving away from IE, so we would like to build an AnyConnect (client) SSL VPN on the same ASA with 2FA.
I was wondering: a) is it possible to have these two on the same firewall? b) do you know of a guide or step-by-step example of this that I can use?
Thanks in advance.
@ali007 Yes, you can just set up an AnyConnect client-based SSL-VPN on the same firewall; there is no specific requirement for running Client and Clientless at the same time.
More information on setting up AnyConnect SSL-VPN
I have just been looking, and Cisco says it does support Chrome and Firefox:
ASA Release 9.12
For connections to the ASA using clientless SSL VPN, Cisco supports the following operating systems and browsers:
See the Smart Tunnel Notes section below for exceptions and limitations of support.
OS / Browser   Chrome   Firefox   Internet Explorer   Safari   Citrix Receiver
macOS 10.14    yes      yes       -                   12.0     12.7
OS X 10.13     yes      yes       -                   12.0     12.5
OS X 10.12     yes      yes       -                   12.0     12.5
Windows 10     yes      yes       11                  -        Win 4.9(14.9)
Windows 8.1    yes      yes       11                  -        Win 4.9(14.9)
Windows 8      yes      yes       11                  -        Win 4.9(14.9)
Windows 7      yes      yes       11                  -        Win 4.9(14.9)
However, when we try Chrome we get the attached error.
Thanks @Marvin Rhoads. The reason I am confused about this is because of the following:
"show vpn-sessiondb anyconnect" shows the following:
Protocol : IKEv2 IPsecOverNatT Clientless
License : AnyConnect Premium
Encryption : IKEv2: (1)AES256 IPsecOverNatT: (1)AES256 Clientless: (1)AES-GCM-256
Hashing : IKEv2: (1)SHA1 IPsecOverNatT: (1)SHA1 Clientless: (1)SHA384
Bytes Tx : 1280101 Bytes Rx : 218580
Group Policy : abc1234 Tunnel Group : DefaultWEBVPNGroup
However, the group policy used shows the following:
show running-config group-policy DfltGrpPolicy
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client
Also, "show vpn-sessiondb webvpn" shows no client connected.
Also, what can I do to get this working on Chrome/Firefox?
Look forward to hearing from you.