VPN MFA using ASA, NPS server extension and Azure AD

zrunner626
Level 1

Does anyone have an example (or can point me to documentation) of setting up the ASA using Microsoft NPS server for RADIUS with Azure AD for the second factor? I have an ASA pointed towards a Microsoft NPS server with the Azure MFA extension. Everything appears to be set up on the NPS/Azure side. I get the MFA prompt on my phone and can approve it. From the NPS server it appears that I am authenticated correctly, but as soon as I approve the prompt on my phone I get an AnyConnect error "User not authorized for AnyConnect Client access..."

On the ASA, the only thing I have defined is the aaa server and radius protocol.

Thanks

Accepted Solutions

zrunner626
Level 1

I figured it out. After doing some research on the error "User not authorized for AnyConnect Client access...", it says it's related to the AnyConnect image missing. Though it was loaded on the ASA, I disabled DTLS with the command "enable outside tls-only" and it allowed my connection to complete.
