- #WHAT TYPE OF SSL VPN REQUIRES CISCO ANYCONNECT SECURE MOBILITY CLIENT? HOW TO#
The purpose of this guide is to provide guidelines on how to integrate Mideye two-factor authentication with Cisco AnyConnect SSL-VPN.

- Dynamic Access Policy using RADIUS-translation
- Configure RADIUS-client to properly display special characters such as å, ä and ö
- Enable password-management (MS-CHAP-v2)
- Dynamically display RADIUS-reject messages
- Increase the timeout-value for the Cisco AnyConnect client
- Configure settings for the connection-profile
- Limitations with dynamic RADIUS-reject messages

Prerequisites & general issues

Requirements

A Mideye Server (any release). If there is a firewall between the Cisco ASA and the Mideye Server, it must be open for two-way RADIUS traffic (UDP, standard port 1812). Cisco ASA acts as a RADIUS client towards the Mideye Server. Hence, the Cisco ASA must be defined as a RADIUS client on the Mideye Server. Refer to the Mideye Server Configuration guide for information on how to define a new RADIUS client.

Since Cisco ASA supports MS-CHAP-v2 as an authentication protocol, users whose passwords are about to expire can change their password when logging in using AnyConnect SSL-VPN. To enable this feature, Mideye Server release 4.3.0 or higher is required. For detailed instructions on how to enable password-management, see section Enable MS-CHAP-V2.

The option to present RADIUS-reject messages dynamically from a RADIUS server was introduced in ASA version 8.3.x when using PAP as authentication method (default authentication method). This means that more information about failed login attempts is presented to the user, enabling users to solve login problems themselves. For example, if login fails due to the mobile phone not being reachable, the Mideye error message ’Phone not reachable, for help see […]’ is displayed to the user instead of the default message ’Login failed’. Also, information about token cards that are out of sync can be presented to the user.

Limitations with dynamic RADIUS-reject messages

When using MS-CHAP-v2, dynamic reject messages will not be displayed from the Mideye Server, but instead from an internal database on your ASA. This means that reject messages cannot be customised the same way as when using PAP.
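A RADIUS server carries reject text like the messages described on this page in the Reply-Message attribute (type 18, RFC 2865) of the Access-Reject packet. The following is an added example, not code from the Mideye or Cisco documentation: it checks the Response Authenticator of an Access-Reject before decoding the message as UTF-8, which is useful when verifying in a packet capture what the server actually sent. The shared secret, request authenticator, packet identifier and Swedish message text are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_REJECT = 3   # RADIUS packet code (RFC 2865)
REPLY_MESSAGE = 18  # attribute holding the text shown to the user


def build_reject(ident, request_auth, secret, message):
    """Build a constructed Access-Reject with one Reply-Message attribute."""
    text = message.encode("utf-8")  # UTF-8 keeps å, ä and ö intact
    if len(text) > 253:
        raise ValueError("Reply-Message value is limited to 253 bytes")
    attrs = bytes([REPLY_MESSAGE, len(text) + 2]) + text
    header = struct.pack("!BBH", ACCESS_REJECT, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs


def reject_message(packet, request_auth, secret):
    """Return the Reply-Message text of an authentic Access-Reject."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REJECT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Reject")
    attrs = packet[20:length]
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    parts, pos = [], 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("bad attribute length")
        if a_type == REPLY_MESSAGE:
            parts.append(attrs[pos + 2:pos + a_len])
        pos += a_len
    return b"".join(parts).decode("utf-8", errors="replace")


# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))
SAMPLE = build_reject(7, REQUEST_AUTH, SECRET, "Telefonen är inte nåbar")
```

A packet whose authenticator does not match the shared secret and the original request is rejected before any attribute is read, so a spoofed or altered reject message is never shown.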