Meraki

Community

About KPI

Re: AnyConnect with Azure AD SAML - User's get "Can't reach this page"

by in Security & SD-WAN
‎Jul 20 2022 12:26 PM
‎Jul 20 2022 12:26 PM
I will mark this as acceptable. We are talking with Verizon at this point to discuss the WAN connection.   In short, if you see what seem to be random issues as described above: 1. Test with the other WAN (if you use two WANs in load balance or fail-over mode 2. Make sure your AnyConnect Enterprise App is only tied to ONE Conditional Access policy ... View more

Re: AnyConnect with Azure AD SAML - User's get "Can't reach this page"

by in Security & SD-WAN
‎Jul 19 2022 12:55 PM
4 Kudos
‎Jul 19 2022 12:55 PM
4 Kudos
Update: After speaking with Microsoft and Meraki support and getting back to square one, I decided to try changing the primary WAN from 2 (Verizon) to 1 (Comcast). This apparently worked. My connection worked every time, and a user who never had a successful connection worked every time as well. There was/is some loss (and I mean 1-3% every so often on the Verizon circuit), so maybe that's part of the issue. We are going to contact Verizon to see if they can check the circuit/signal.   Another note: Make sure your CA policies are in good order. I found that a user was being checked by the wrong CA policy first, and that policy was causing issues. Make sure to exclude AnyConnect from all other policies so that only the appropriate policy applies to enforce MFA. ... View more

Re: AnyConnect with Azure AD SAML - User's get "Can't reach this page"

by in Security & SD-WAN
‎Jul 13 2022 6:48 AM
‎Jul 13 2022 6:48 AM
It seems to work on every other connection. I've also run a packet capture and I don't see any data on the failed attempts. Could this be some Azure AD response requirement that is not showing up correctly, and then ultimately times out? ... View more

Re: AnyConnect with Azure AD SAML - User's get "Can't reach this page"

by in Security & SD-WAN
‎Jul 5 2022 5:44 AM
‎Jul 5 2022 5:44 AM
Thanks for response. Current version is 17.8 which is seemingly stable. Yes, there is a static public IP on it. In fact there are two static IPs (two ISPs) that are active. Maybe that is an issue? Perhaps I should configure one as backup. ... View more

AnyConnect with Azure AD SAML - User's get "Can't reach this page"

by in Security & SD-WAN
‎Jul 1 2022 7:06 AM
1 Kudo
‎Jul 1 2022 7:06 AM
1 Kudo
Firmware 17.8 (same issues with 16.16)   Set up AnyConnect Azure AD SAML. One user authenticates successfully and receives 'Can't reach this page' in the Cisco AnyConnect Login box after providing MFA.   When I test with my admin account, this first time it hangs after successful MFA and finally gives a 'CSRF token failed' message. Then each time I attempt afterward it will successfully connect. Here is the AnyConnect log showing the first failed attempt and the subsequent successful attempt:   I notice the first time, I don't see the banner message. Both users testing (including myself) are in the Azure AD enterprise app group.   My AnyConnect / Azure AD settings:     ... View more
My Accepted Solutions
View all
© 2024 Cisco Systems, Inc.