This section describes how to configure the integration of Advanced Authentication with Cisco AnyConnect. This integration secures the Cisco AnyConnect VPN connection.
To configure the Advanced Authentication integration with Cisco AnyConnect, perform the following tasks:
Ensure that you meet the following requirements:
Install and configure Cisco ASA 5555-X with Firepower
Install Cisco ISE
Install Advanced Authentication appliance
Configure a repository with the user data in the Advanced Authentication server
Open the Advanced Authentication Administration portal.
Move one or more chains fromto list. Ensure that the chains are assigned to the appropriate group of users in of the section.
Specify anof the Cisco ISE server.
Specifyof the Client.
Specify the RADIUS shared secret and confirm it.
Click icon to save the Client details.
Navigate to> > > .
Select thein and click .
The Edit AnyConnect Connection Profile window is displayed.
Set theas in the .
Select the group created for Advanced Authentication server from.
Navigate to> > > > > .
Specify the name of policy in.
Specify the text to display as message in.
Clickthen select and as the .
Navigate to> > in Cisco ISE.
Clickfrom the External Identity Sources navigation pane on the left.
Specify the following details in thetab:
: IP address or host name of the Advanced Authentication server.
: Secret set in the RADIUS server to establish a connection.
: Port to communicate with the RADIUS server. The default port is 1812.
: Time in seconds that Cisco ISE should wait for a response from the RADIUS token server before it determines that the primary server is down. The default timeout value is 5 seconds.
: The number of times that Cisco ISE should reconnect to the primary server before moving on to the secondary server (if configured) or dropping the request if there is no secondary server. The default is 3.
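The shared secret entered for the client in Advanced Authentication and for the RADIUS token server in Cisco ISE is what both sides use to authenticate RADIUS packets, so the two values must be identical. The following is an added example, not part of the original guide or of either product: it shows the RFC 2865 Response Authenticator check and the RFC 2869 Message-Authenticator that depend on that secret. The packets, the user name, the secret and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, REPLY_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 18, 80

def attr(type_, value):
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", type_, len(value) + 2) + value

def build_access_request(ident, username, secret, request_auth=None):
    """Access-Request with User-Name and Message-Authenticator (RFC 2869)."""
    request_auth = request_auth or os.urandom(16)
    # Message-Authenticator is HMAC-MD5 over the packet with its own value zeroed.
    attrs = attr(USER_NAME, username.encode()) + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()
    return header + attrs[:-16] + mac, request_auth

def verify_response(packet, ident, request_auth, secret):
    """True only if the reply matches our request and was built with `secret`."""
    if len(packet) < 20:
        return False
    code, reply_id, length = struct.unpack("!BBH", packet[:4])
    if reply_id != ident or length < 20 or length > len(packet):
        return False
    # RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:length] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def make_response(code, ident, request_auth, attrs, secret):
    """Constructed server reply, used only to exercise verify_response offline."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs

def demo():
    """Same reply checked with the matching secret and with a mismatched one."""
    secret = b"constructed-shared-secret"  # constructed value, not from the guide
    _, ra = build_access_request(7, "alice", secret)
    reply = make_response(ACCESS_ACCEPT, 7, ra, attr(REPLY_MESSAGE, b"ok"), secret)
    return (verify_response(reply, 7, ra, secret),
            verify_response(reply, 7, ra, b"mismatched-secret"))

if __name__ == "__main__":
    print(demo())
```

A reply that fails this check is discarded by the receiver, so a secret mismatch shows up as a timeout on the Cisco ISE side rather than as an explicit rejection.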
Navigate to> > .
From the Status column, click the currenticon and from the dropdown list update the status for the policy set as necessary.
Specify Policy Set Name and Description.
Select theattribute and operator.
After you complete all the above tasks, configure an authorization policy for the preferred VPN profile and user group in the repository.
Launch Cisco AnyConnect Client.
Specify the credentials and click.
Specify the input for the second-factor authenticator as the administrator has configured.