FMC - User not authorized for AnyConnect Client access

Geonaoum
Level 1

I have configured RA VPN with FMC v6.4 and Cisco Firepower 2110 v6.2.3.

Created a self-signed cert, realm with LDAP, uploaded image anyconnect 4.10.07061, created RA profile, created Group policy etc. When a user connects I get the following error: "User not authorized for AnyConnect Client access, contact your administrator". DTLS is disabled.

How can I solve it?

Thank you in advance.

1 Reply

Since you're using FMC version 6.4 and FTD version 6.2.3, you need to use FlexConfig to configure the LDAP Attribute Map and associate it with the Realm Server, as the native integration of LDAP authorization in the RA VPN configuration wizard is available from FMC version 6.7.0 onwards.

To resolve the "User not authorized for AnyConnect Client access, contact your administrator" issue, please follow these steps:

1. Ensure that the user is a member of the appropriate group in the LDAP server that you have defined in the LDAP Attribute Value in the LDAP Attribute Map.
2. Verify that the LDAP Attribute Name and Cisco Attribute Name are correctly mapped in the LDAP Attribute Map. For example:
   - LDAP Attribute Name: memberOf
   - Cisco Attribute Name: Group-Policy
3. Make sure that the LDAP Attribute Value and Cisco Attribute Value are correctly mapped in the LDAP Attribute Map. For example:
   - LDAP Attribute Value: DC=tlalocan,DC=sec (or the appropriate group DN from your LDAP server)
   - Cisco Attribute Value: RA-VPN (or your custom Group Policy name)
4. Check that the Group Policy associated with the user has the correct settings and permissions for AnyConnect access.

If the issue persists, consider updating your FMC to version 6.7.0 or higher and reconfiguring the LDAP authorization using the native RA VPN configuration wizard.

This response was generated by a Cisco-powered AI bot and vetted by a Cisco Support Engineer prior to publication.
This is part of a monitored experiment to see if the bot can help answer questions alongside community members. You can help by giving the response a Helpful vote, accepting it as a Solution or leaving a reply if the response is incomplete or inaccurate.
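
The attribute map described in the reply above, written out as the ASA-style CLI a FlexConfig object would carry. This is an added example, not configuration from the thread or from Cisco. Assumed placeholders: the map name RAVPN-ATTR-MAP, the server tag REALM-NAME, the address 192.0.2.10, and the CN=VPN-Users group DN; only memberOf, Group-Policy and RA-VPN come from the reply.

```text
! Constructed FlexConfig body. Replace every placeholder before deploying.
!
! The LDAP attribute map from steps 2 and 3 of the reply.
ldap attribute-map RAVPN-ATTR-MAP
 ! Step 2: LDAP attribute name -> Cisco attribute name.
 map-name memberOf Group-Policy
 ! Step 3: one group's full DN, as the directory returns it in memberOf,
 ! -> the name of an existing group policy.
 map-value memberOf CN=VPN-Users,OU=Groups,DC=example,DC=com RA-VPN
!
! Attach the map to the LDAP server entry created for the realm.
! REALM-NAME and the host address must match the aaa-server lines
! already present in the deployed running configuration.
aaa-server REALM-NAME host 192.0.2.10
 ldap-attribute-map RAVPN-ATTR-MAP
```

After deployment, `show running-config ldap attribute-map` on the device CLI confirms the map is present, and `debug ldap 255` during a login attempt shows the memberOf values the server returned and whether one of them was mapped to a group policy.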