ASA Cisco Configuration with Universal Proxy
- Open Cisco VPN administration panel. On the Configuration tab, select Remote Access VPN on the left panel.
- Add AAA server group to your AnyConnect connection profile. Go to the AAA/Local Users column menu and select the AAA Server Group.
- Click on “Add” and set the following settings.
- Click on “Ok” and then click on “Add” in the Server group tab. Set the settings according to your Universal Proxy instance. The sample image below is using a Universal Proxy instance with Password or LastPass mode along with Active Directory. If you are using Universal Proxy in LastPass mode, then your Naming Attribute must be set to uid.
- Click on “Test” in the server tab. Select “Authentication” and enter your username and password. A LDAP authentication request will be sent to the Universal Proxy and then to LastPass. You should receive an authentication request on your LastPass MFA app. Once you accept the request, you will see a success confirmation on Cisco side.
- Change you VPN “AAA Server Group” to the new one. Go to Configuration > AnyConnect Connection Profiles and double click on the VPN you want to be authenticated with LastPass MFA. Then, select the “AAA Server Group” from the list, click “Ok” and apply changes.