Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
447
Views
0
Helpful
1
Replies

Issue with AnyConnect VPN with Microsoft Azure MFA through SAML

mustang_speirsy
Level 1
Level 1

‎01-23-2024 01:03 PM

I appear to be having some issues setting up AnyConnect VPN with Microsoft Azure MFA through SAML.

ASA version 9.8(4)46

Any connect version 4.10.08025


I've followed the following guides as a point of reference:

Cisco's guide "Configure ASA AnyConnect VPN with Microsoft Azure MFA through SAML 

Microsoft's guide "Tutorial: Microsoft Entra single sign-on (SSO) integration with Cisco AnyConnect" 

"Cisco Anyconnect integration with Azure AD" video on YT

"Cisco VPN: ASA and Microsoft Azure AD with MFA using SAML" video on YT

Anyway onto the issue


When I select the group on anyconnnect, the microsoft webpage tries to load but remains blank as you see in the first 3 screenshots below then I get the error message "Authentication failed due to gateway timeout"


That suggests there is an issue getting to the VPN URL. However, If I browse to the anyconnect URL and select the profile, I get redirected to the microsoft login page

Also if I change the authentication to local on the connection profile, it works fine (with local logon opposed to microsoft)

Labels:
Preview file
119 KB
Preview file
107 KB
Preview file
29 KB
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-24-2024 07:25 AM

Azure will be navigating to the SAML metadata page using the URL for for your specific tunnel-group. Make sure you have it exactly right in the Azure enterprise app setup - it is case-sensitive.

0 Helpful
Customers Also Viewed These Support Documents