01-23-2024 01:03 PM
I appear to be having some issues setting up AnyConnect VPN with Microsoft Azure MFA through SAML.
ASA version 9.8(4)46
AnyConnect version 4.10.08025
I've followed the following guides as a point of reference:
Cisco's guide "Configure ASA AnyConnect VPN with Microsoft Azure MFA through SAML"
Microsoft's guide "Tutorial: Microsoft Entra single sign-on (SSO) integration with Cisco AnyConnect"
"Cisco Anyconnect integration with Azure AD" video on YT
"Cisco VPN: ASA and Microsoft Azure AD with MFA using SAML" video on YT
Anyway, onto the issue:
When I select the group on AnyConnect, the Microsoft webpage tries to load but remains blank, as you see in the first 3 screenshots below, then I get the error message "Authentication failed due to gateway timeout".
That suggests there is an issue getting to the VPN URL. However, if I browse to the AnyConnect URL and select the profile, I get redirected to the Microsoft login page.
Also, if I change the authentication to local on the connection profile, it works fine (with local logon as opposed to Microsoft).
01-24-2024 07:25 AM
Azure will be navigating to the SAML metadata page using the URL for your specific tunnel-group. Make sure you have it exactly right in the Azure enterprise app setup - it is case-sensitive.
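
One way to run the check the reply above describes, as an added example that is not part of the thread or of Cisco's or Microsoft's tooling: build the values the ASA expects for a tunnel-group and compare them character for character with what was typed into the Azure enterprise app. The two URL templates are assumed from the pattern used in Cisco's SAML guide; `vpn.example.com`, `AnyConnect-SAML` and all function names are constructed for illustration.

```python
# Added example: compare Azure enterprise-app SAML values with the values the
# ASA derives from a tunnel-group name. Templates are an assumption taken from
# the pattern in Cisco's SAML guide; verify them against your ASA's metadata.
ENTITY_ID_TEMPLATE = "https://{host}/saml/sp/metadata/{tg}"
REPLY_URL_TEMPLATE = "https://{host}/+CSCOE+/saml/sp/acs?tgname={tg}"


def expected_sp_urls(asa_fqdn, tunnel_group):
    """Return the Identifier and Reply URL expected for this tunnel-group."""
    return {
        "identifier": ENTITY_ID_TEMPLATE.format(host=asa_fqdn, tg=tunnel_group),
        "reply_url": REPLY_URL_TEMPLATE.format(host=asa_fqdn, tg=tunnel_group),
    }


def classify(expected, configured):
    """Classify a configured value: ok, whitespace, case-only or different."""
    if configured == expected:
        return "ok"
    if configured.strip() == expected:
        return "whitespace"      # stray space or newline pasted into the portal
    if configured.strip().casefold() == expected.casefold():
        return "case-only"       # the mismatch the reply warns about
    return "different"


def check_azure_app(asa_fqdn, tunnel_group, azure_values):
    """Map each Azure field to (status, expected, configured)."""
    report = {}
    for field, want in expected_sp_urls(asa_fqdn, tunnel_group).items():
        got = azure_values.get(field, "")
        report[field] = (classify(want, got), want, got)
    return report


if __name__ == "__main__":
    # Constructed sample: the ASA tunnel-group is "AnyConnect-SAML", but the
    # Identifier in Azure was typed with a lowercase group name.
    azure = {
        "identifier": "https://vpn.example.com/saml/sp/metadata/anyconnect-saml",
        "reply_url": "https://vpn.example.com/+CSCOE+/saml/sp/acs?tgname=AnyConnect-SAML",
    }
    result = check_azure_app("vpn.example.com", "AnyConnect-SAML", azure)
    for field, (status, want, got) in result.items():
        print(f"{field}: {status}\n  expected:   {want}\n  configured: {got}")
```
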