05-19-2020 11:30 AM
Does anyone have an example (or can point me to documentation) of setting up the ASA using Microsoft NPS server for RADIUS with Azure AD for the second factor? I have an ASA pointed towards a Microsoft NPS server with the Azure MFA extension. Everything appears to be set up on the NPS/Azure side. I get the MFA prompt on my phone and can approve it. From the NPS server it appears that I am authenticated correctly, but as soon as I approve the prompt on my phone I get an AnyConnect error "User not authorized for AnyConnect Client access..."
On the ASA, the only thing I have defined is the AAA server and RADIUS protocol.
Thanks
05-19-2020 03:24 PM
I figured it out. After doing some research on the error "User not authorized for AnyConnect Client access..." it says it's related to the AnyConnect image missing. Though it was loaded on the ASA, I disabled DTLS with the command "enable outside tls-only" and it allowed my connection to complete.
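The ASA side of the setup discussed in this thread, as an added configuration sketch that is not part of either post and not the poster's actual configuration. The group name `NPS-MFA`, tunnel-group name `VPN-USERS`, interface `inside`, the address `192.0.2.10`, the key placeholder and the 60-second timeout are all assumptions chosen for illustration; only `enable outside tls-only` comes from the thread.

```cisco
! RADIUS server group pointing at the NPS server that runs the Azure MFA extension
! (group name, interface and address are constructed placeholders)
aaa-server NPS-MFA protocol radius
aaa-server NPS-MFA (inside) host 192.0.2.10
 key <shared-secret-placeholder>
 authentication-port 1812
 ! Assumption: a longer timeout so the ASA keeps waiting while the user
 ! approves the push notification, instead of retrying or failing early
 timeout 60
!
! Bind the AnyConnect connection profile to that server group
tunnel-group VPN-USERS type remote-access
tunnel-group VPN-USERS general-attributes
 authentication-server-group NPS-MFA
!
webvpn
 ! From the accepted answer: enable the outside interface for TLS only,
 ! which disables DTLS on that interface
 enable outside tls-only
 anyconnect enable
```

With `tls-only` set, AnyConnect sessions on that interface run over TLS rather than DTLS, so `show vpn-sessiondb anyconnect` should list no DTLS tunnel for the session.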