Has anyone been able to get Anyconnect to work properly with ACS? The problem that I am having is that I want users to be able to download the Anyconnect client from the Webvpn page. When I have them log onto the Webvpn page by authenticating with ACS (using the RADIUS protocol), the Anyconnect client is not available for download on the left-hand side of the Webvpn options. However, if I configure the ASA to use a local username and password and do the following commands: "username test attributes" "vpn-group-policy HQ-SSLVPN", then the Anyconnect client is available for users to download on the Webvpn page. This is the relevant configuration that I am using:
svc image disk0:/anyconnect-win-2.1.0148-k9.pkg 1
group-policy DfltGrpPolicy attributes
 dns-server value 192.168.0.15
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 nac-settings value DfltGrpPolicy-nac-framework-create
When I am debugging the output, I do notice one difference. When the ASA is using ACS to authenticate, it shows that AAA retrieved user specific group policy (HQ-SSLVPN). However, when the ASA just uses the local username and password, it says that AAA retrieved user specific group policy (HQ-SSLVPN) and right afterwards it says that AAA retrieved default group policy (DfltGrpPolicy).
Also, when I have the ASA configured to use ACS, if the person does already have the Anyconnect client installed on their computer and they try to log in using Anyconnect, it comes back with an error stating "Anyconnect is not enabled on the VPN Server". Of course, this goes away once I have them authenticating to the local ASA database. Any help or insight would be greatly appreciated.