- Purple, 4500 points or more
I have configured webvpn/AnyConnect on an ASA. This firewall also has IPSec for remote access configured (and working). When I try and connect to webvpn, I get the following error-
User not authorized for AnyConnect Client access, contact your administrator
I believe I get his because the IPSec users use RADIUS to authenticate and webvpn is also. I want webvpn to only use the local database for now. Anyone know how to set webvpn for local auth?
WEBVPN as uses a tunnel group for this user validation, if it is not specifically defined it will use the default one namely "DefaultWEBVPNGroup" in this section you need to enter into tunnel-group DefaultWEBVPNGroup general-attributes mode and enable the LOCAL server like shown below:
tunnel-group DefaultWEBVPNGroup general-attributes
NOTE: if this webvpn is already using radius to validate users, you need to create another tunnel group where you will define the LOCAL authentication and make sure that that WEBVPN Tunnel group is chosen by the user. This can be done with group alias or group url on the ASA.