TCP Conversations AnyConnect SAML MFA

CiscoMedMed
Level 1

I added the SAML auth method to the primary connection profile on an ASA. The identity provider is at https://sts.windows.net/(large string of characters). The SAML request must be working because it's triggering the MFA request, which arrives on my smartphone. But what I'm not understanding is: where is the TCP conversation originating this call? I put Wireshark on my laptop and pcapped on the WiFi interface while connecting to the VPN and triggering the MFA request and the authentication window. But I see no conversations to 20.190.154.0/24 (see the nslookup results below for sts.windows.net). Then I went to monitoring on the ASA and put in a filter to show all conversations with 20.190.154.1 to .254. And likewise I see nothing to those destinations. On the laptop I do see traffic to other Microsoft IP address space. Any insight on why I'm not seeing any traffic to these destinations but succeeding would be appreciated.

> sts.windows.net
Server: dns.google
Address: 8.8.8.8

Non-authoritative answer:
Name: www.tm.a.prd.aadg.akadns.net
Addresses: 20.190.154.17
20.190.154.136
20.190.154.19
20.190.154.18
20.190.154.16
20.190.154.137
20.190.154.139
20.190.154.138
Aliases: sts.windows.net
a.privatelink.msidentity.com
prda.aadg.msidentity.com
