Solved: Re: Cisco ASA Authentication to download AnyConnect from gateway

Marco Serato · ‎03-13-2023

Hello,
where in the Cisco ASA can the authentication configured for the gateway login , where the provided Cisco AnyConnect version can be downloaded for the users?

How can this be realised via the Cisco ISE?
What would have to be returned as a result?
I am currently at a loss.

Therefore, thank you very much.

Marco

Rob Ingram · ‎03-13-2023

@Marco Serato If the user does not have the VPN client they can connect to the ASA web portal and download the image, then install.

To upgrade, if you upload the anyconnect image to the ASA the user will automatically upgrade after authenticating to the VPN.

You can deploy the anyconnect image via the ISE provisioning portal - https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010110.html

View solution in original post

Rob Ingram · ‎03-13-2023

@Marco Serato If the user does not have the VPN client they can connect to the ASA web portal and download the image, then install.

To upgrade, if you upload the anyconnect image to the ASA the user will automatically upgrade after authenticating to the VPN.

You can deploy the anyconnect image via the ISE provisioning portal - https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010110.html

Marco Serato · ‎03-13-2023

That sounds great, but I think it needs some time to understand it right.

If Cisco ISE is requested, what is the best way to set the result?
Is a simple ACCEPT sufficient?
Or should there be more in there (security thought)?