Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
20613
Views
0
Helpful
12
Replies

What is second username/password in AnyConnect?

Jun_Gao
Level 1
Level 1

‎01-21-2016 01:03 AM - edited ‎02-21-2020 08:38 PM

Hi Folks,

  • We were using Cisco Systems VPN Client in the past. Once we inputted the username and passcode, we were able to log in.
  • Now we changed to Cisco AnyConnect Secure Mobility Client, which requires second username/password. What is this? I tried the same username/passcode twice, but it's not working.

Thanks,
Jun Gao

1 person had this problem
Labels:
0 Helpful
12 Replies 12

Karsten Iwen
VIP
VIP

‎01-21-2016 03:14 AM

Look at your tunnel-group/connection-profile. You probably have secondary authentication enabled.

0 Helpful

Jun_Gao
Level 1
Level 1
In response to Karsten Iwen

‎01-21-2016 04:56 PM

Hi Karsten,

Thanks for yoru quick reply. I know tunnel-group/connection-profile is in place in Cisco Systems VPN Client. But could you please share me where I can find the same in AnyConnect? Thanks very much.

Regards,
Jun Gao

Preview file
18 KB
Preview file
21 KB
0 Helpful

Karsten Iwen
VIP
VIP
In response to Jun_Gao

‎01-21-2016 11:29 PM

That's a config you did on the ASA, not on the client.

0 Helpful

Jun_Gao
Level 1
Level 1
In response to Karsten Iwen

‎01-21-2016 11:44 PM

Hi Karsten,

Thanks for your quick reply again. So that means I have to check with the ASA administrator for the second credential? But we never faced this scenario when we were using Cisco Systems VPN Client in the past. Why there are two credentials that have to be provided in AnyConnect? We've never faced any issues to provide only one credential in Cisco Systems VPN Client as of now.

Regards,
Jun Gao

0 Helpful

Karsten Iwen
VIP
VIP
In response to Jun_Gao

‎01-22-2016 12:23 AM

Different VPN-clients can be controlled by different config on the ASA. For the old client there is no config for double-authentication while it is configured for the new client.

Your ASA administrator can fix that (or tell you how to authenticate if the double authentication was done on purpose).

0 Helpful

Jun_Gao
Level 1
Level 1
In response to Karsten Iwen

‎01-22-2016 12:30 AM

Hi Karsten, Thanks very much for your quick reply once again! I will try to check with the ASA administrator for the same and revert back to you. Regards, Jun Gao
0 Helpful

Jun_Gao
Level 1
Level 1
In response to Karsten Iwen

‎01-22-2016 01:13 AM

Hi Karsten, I just checked with the support team. I was told the Cisco AnyConnect is not enabled for our team. We are only allowed to use Cisco Systems VPN Client. Regards, Jun Gao
0 Helpful

bvj197222
Level 1
Level 1
In response to Jun_Gao

‎11-01-2018 03:03 AM

Old case, but the answer is this; The ASA-administrator has enabled secondary authentication in the AnyConnect Connection Profile. He didn't remove the hatch before the 'Use primary username (Hide secondary username on login page)'. If he had done that you would only see the secondary password-field.

0 Helpful

l-mathews
Level 1
Level 1
In response to bvj197222

‎12-21-2019 05:42 AM

how do you disable the secondary password fields for different vpn users or connection profiles

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to l-mathews

‎12-22-2019 06:47 PM - edited ‎12-23-2019 07:01 AM

@l-mathews please refer to this example:

https://community.cisco.com/t5/security-documents/configure-two-factor-authentication-on-asa-for-cisco-anyconnect/ta-p/3403768

It shows how to setup secondary authentication.

In your case, simply go into the relevant section of the configuration as described in the article and disable the option(s).

 

(edited to add link)

0 Helpful

l-mathews
Level 1
Level 1
In response to Marvin Rhoads

‎12-23-2019 01:26 AM

which example, can you post it here? only one tunnel-group has secondary authentication enabled yet all tunnel-group profiles see the secondary password

field when they connect. We are using secure mobility 4.6

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to l-mathews

‎12-23-2019 07:02 AM

Sorry - I neglected to add the link in my earlier post. I've edited it to include the relevant link.

0 Helpful
Customers Also Viewed These Support Documents