04-01-2020 06:06 PM
hi,
I have successfully integrated with on-prem window MFA. but when my mobile is in power save mode, i get notification on my mobile, after i enter mobile pin, i dont see any push notification and after some time i see message on anyconnect "connection attempt failed . please try again later". after this message i can see push notification on my mobile, but its too late to approve.
when the mobile is not in power save mode, then all is good. i can see push notification and once approve, my anyconnect vpn connect without any issue.
asa version: Version 9.6(4)30
anyconnect version: 4.7.00136
I have integrated with Window MFA using following link
04-01-2020 06:36 PM
04-01-2020 07:44 PM
hi
i cant change timeout on ise (max is 60) which is integrated with MFA, i changed time on ASA (pointing to ise) but result is the same.
when there is notification, i can see it on my lock screen and can open the authenticator app, but nothing is there (no push notfication) and then i have to wait till connection is timeout and then try new connection again while my app is already opened, after then i am able to see push notification.
04-02-2020 06:40 PM
04-06-2020 08:47 PM
hi,
Thanks for the reply.
yes its Microsoft app, when i select recheck authentication, it shows the push notification.
currently ise is working on a demo license and integrated with window mfa. anyconnect is using ise for radius authentication and once successfully authenticated, it applied DACL to the user connection.
I am not sure what license ( per device or per concurrent anyconnect user connection) is required for ise to keep authenticating anyconnect user after eval license expiry. do i need base license only?
04-06-2020 09:26 PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: