cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
440
Views
0
Helpful
1
Replies
Highlighted
Enthusiast

Duo 2FA for AnyConnect giving an error message

I am trying to configure 2FA using Duo for Any Connect login.

 

I have completed the few steps that seem to be very simple to configure the Duo gateway and ASA config. I am prompted to login via Duo and complete 2FA using my mobile app. However once this is done I am hit with the error: "unable to update the session management database" Duo support seem to think this is an ASA problem, however searching this error only finds results related to old versions of ASA code.

 

Thanks in advance

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Enthusiast

For anyone interested the problem was this config under the default group policy:

group-policy DfltGrpPolicy attributes
 vpn-simultaneous-logins 0

 

I had created a separate group policy for AnyConnect with Duo but the 'vpn-simultaneous-logins' attribute is inherited from the default policy. This caused the "unable to update the session management database" error after passing the Duo authentication.

 

The fix was to configure 'vpn-simultaneous-logins 1' under the Duo policy, or change the default policy.

View solution in original post

1 REPLY 1
Highlighted
Enthusiast

For anyone interested the problem was this config under the default group policy:

group-policy DfltGrpPolicy attributes
 vpn-simultaneous-logins 0

 

I had created a separate group policy for AnyConnect with Duo but the 'vpn-simultaneous-logins' attribute is inherited from the default policy. This caused the "unable to update the session management database" error after passing the Duo authentication.

 

The fix was to configure 'vpn-simultaneous-logins 1' under the Duo policy, or change the default policy.

View solution in original post