We would like to move from Cisco web based VPN due to MS moving away from IE. So we would like to build an anyconnect (client) SSL VPN on the same ASA with 2FA.
I was wondering if a, is it possible to have these two on the same firewall? b, do you know of a guide or step by step example of this that I can use?
thanks in advance.
@ali007 yes, you can just setup an AnyConnect client based SSL-VPN on the same firewall, there is no specific requirement to running Client and Clientless at the same time.
More information on setting up AnyConnect SSL-VPN
I have just been looking and cisco says it does support Chrome and firefox:
ASA Release 9.12
For connections to the ASA using clientless SSL VPN, Cisco supports the following operating systems and browsers:
See the Smart Tunnel Notes section below for exceptions and limitations of support.
OS / Browser Chrome Firefox Internet Explorer Safari Citrix Receiver
macOS 10.14 yes yes - 12.0 12.7
OS X 10.13 yes yes - 12.0 12.5
OS X 10.12 yes yes - 12.0 12.5
Windows 10 yes yes 11 - Win 4.9(14.9)
Windows 8.1 yes yes 11 - Win 4.9(14.9)
Windows 8 yes yes 11 - Win 4.9(14.9)
Windows 7 yes yes 11 - Win 4.9(14.9)
however, when we try chrome we get the attached error.
The error message is from trying to install the AnyConnect client software via Chrome (not supported). Meaning that the profile is using client-based and not clientless. A clientless profile won't try to install the client.