AnyConnect local auth

Answered Question
Jan 19th, 2009

I have configured webvpn/AnyConnect on an ASA. This firewall also has IPSec for remote access configured (and working). When I try to connect to webvpn, I get the following error:

User not authorized for AnyConnect Client access, contact your administrator

I believe I get this because the IPSec users use RADIUS to authenticate and webvpn does also. I want webvpn to only use the local database for now. Anyone know how to set webvpn for local auth?

Correct Answer by Ivan Martinon about 8 years 1 month ago

WEBVPN uses a tunnel group for this user validation; if one is not specifically defined, it will use the default one, namely "DefaultWEBVPNGroup". In this case you need to enter tunnel-group DefaultWEBVPNGroup general-attributes mode and enable the LOCAL server as shown below:

tunnel-group DefaultWEBVPNGroup general-attributes

authentication-server-group LOCAL

NOTE: If this webvpn is already using RADIUS to validate users, you need to create another tunnel group where you will define the LOCAL authentication, and make sure that that WEBVPN tunnel group is chosen by the user. This can be done with a group alias or group URL on the ASA.

Overall Rating: 5 (1 ratings)
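
The separate tunnel group described in the note above, shown as an added example that is not part of the original answer. The tunnel-group name, alias, URL host and username are placeholders chosen for illustration; the existing RADIUS-backed groups are left untouched.

```cisco
! Added example: a dedicated tunnel group that authenticates against the
! ASA local database, leaving RADIUS-backed groups unchanged.
! ANYCONNECT-LOCAL, Local-Users, vpn.example.com and testuser are placeholders.

! Local account for the users who should authenticate locally
username testuser password <password> privilege 0

! New remote-access tunnel group bound to the LOCAL user database
tunnel-group ANYCONNECT-LOCAL type remote-access
tunnel-group ANYCONNECT-LOCAL general-attributes
 authentication-server-group LOCAL

! Let the user select this group, either by alias or by URL
tunnel-group ANYCONNECT-LOCAL webvpn-attributes
 group-alias Local-Users enable
 group-url https://vpn.example.com/local enable

! Show the alias drop-down on the login page so the alias can be chosen
webvpn
 tunnel-group-list enable
```

Running "show running-config tunnel-group" afterwards lists each tunnel group with its authentication-server-group, which confirms that only the new group points at LOCAL.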
Correct Answer
Ivan Martinon Mon, 01/19/2009 - 12:27
