Test the Cisco RADIUS ASA VPN integration

Testing the Cisco RADIUS ASA VPN integration involves two configuration tests: the single-step flow and the two-step flow. The following network diagrams represent these flows.

Flow diagrams

Network Diagram – Multi-step Flow

Network Diagram – Single-step Flow

Verify the Cisco ASA VPN Appliance is properly configured to work with Okta (two-step flow)

There are two parts to this test.

Part 1 – Test SSL-VPN with Cisco AnyConnect

  1. Open Cisco AnyConnect and click Connect, as shown below.

    Note

    The username must be in the format you specified when you added the app in Okta in Part 2, above.

  2. Enter your Username, Password, and optionally, a Group, and click OK, as shown below.

    • The username must be in the format you specified when you added the app in Okta in Part 2, above.
    • If configured, concatenate the Password with a one-time password (OTP) or a keyword, separated by a comma; for example, Password1,123456, Password1,push, or Password1,sms, as detailed below.
      • 123456 – code from Okta Verify, Google Authenticator, or YubiKey OTP
      • push – trigger a push notification to the enrolled phone
      • sms – trigger an SMS to the enrolled phone
      • other – any other configuration
  3. If you receive the Login Failed screen, check your username and password and try again.
  4. When the challenge screen appears, enter the number corresponding to the appropriate second factor and click Continue, as shown below. Follow the prompts to complete the second factor challenge.

    Note

    Users are challenged for a second factor to use based on the devices they have enrolled.

  5. After successfully completing the challenge, you are connected and see the screen shown below.

    If you enter an incorrect value or take too long to respond to the push notification, you see the screen shown below.

Part 2 – Test the clientless VPN with the AnyConnect web portal

  1. Navigate to the Cisco AnyConnect web portal URL, as shown below.
  2. Enter the same username, password, and group (optional) as in Part 1, above.
  3. Enter the challenge factors when prompted.
  4. After successfully completing the challenge, you are connected and see the screen shown below.

    If you enter an incorrect value or take too long to respond to the push notification, you see the screen shown below.

Verify the Cisco ASA VPN Appliance is properly configured to work with Okta (single-step flow)

There are two parts to this test.

Part 1 – Test SSL-VPN with Cisco AnyConnect

  1. Open Cisco AnyConnect and click Connect, as shown below.

    Note

    The username must be in the format you specified when you added the app in Okta in Part 2, above.

  2. Enter your Username, Password, Second Password, and optionally, a Group, and click OK, as shown below.

    • The username must be in the format you specified when you added the app in Okta in Part 2, above.
    • Enter the second password, as follows.
      • 123456 – code from Okta Verify, Google Authenticator, or YubiKey OTP
      • push – trigger a push notification to the enrolled phone
      • sms – trigger an SMS to the enrolled phone
      • other – any other configuration
  3. If you receive the Login Failed screen, check your username and password and try again.
  4. After successfully completing the challenge, you are connected and see the screen shown below.

    If you enter an incorrect value or take too long to respond to the push notification, you see the screen shown below.

Part 2 – Test the clientless VPN with the AnyConnect web portal

  1. Navigate to the Cisco AnyConnect web portal URL, as shown below.

  2. Enter your Username, Password, Second Password, and optionally, a Group, and click OK, as shown below.

    • The username must be in the format you specified when you added the app in Okta in Part 2, above.
    • Enter the second password, as follows.
      • 123456 – code from Okta Verify, Google Authenticator, or YubiKey OTP
      • push – trigger a push notification to the enrolled phone
      • sms – trigger an SMS to the enrolled phone
      • other – any other configuration
  3. If you receive the Login Failed screen, check your username and password and try again.
  4. After successfully completing the challenge, you are connected and see the screen shown below.

    If you enter an incorrect value or take too long to respond to the push notification, you see the screen shown below.