My usual process is to set up a Windows server with the NPS role, create the policies and RADIUS clients with a generated secret, and then install the Azure MFA NPS extension via PowerShell. I’ll start by saying this isn’t my first instance of using Azure MFA with Cisco AnyConnect; however, it is the first time I’ve needed to work with a 3rd party due to their ownership and control of the Cisco ASA firewalls.
I’ve wanted to write this post because I discovered several diagnostic tools that helped massively in tracking down the root cause.
While deploying an Azure MFA solution integrating with a Cisco AnyConnect VPN, I discovered a very frustrating issue that burned an untold amount of time – in short, the problem was due to the use of a RADIUS secret with symbols, and removing them resolved the issue immediately.
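
One way to generate a secret that avoids symbols without giving up strength, as an added example that is not from the original post: draw a longer alphanumeric string from the system CSPRNG and register it with the NPS module's `New-NpsRadiusClient`. The function name, client name and address are placeholders constructed for illustration.

```powershell
# Added example: symbol-free RADIUS shared secret for an NPS RADIUS client.
function New-AlphanumericSecret {
    # Hypothetical helper. 22 characters of a 62-symbol alphabet is about 131 bits.
    param([ValidateRange(22, 128)][int]$Length = 32)

    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
    # 248 is the largest multiple of 62 below 256; bytes at or above it are
    # discarded so every character is equally likely (no modulo bias).
    $limit  = 256 - (256 % $alphabet.Length)
    $rng    = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buffer = New-Object byte[] 64
    $sb     = New-Object System.Text.StringBuilder
    try {
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($buffer)
            foreach ($b in $buffer) {
                if ($b -lt $limit -and $sb.Length -lt $Length) {
                    [void]$sb.Append($alphabet[$b % $alphabet.Length])
                }
            }
        }
    }
    finally {
        $rng.Dispose()
    }
    $sb.ToString()
}

# 32 characters * log2(62) is roughly 190 bits of entropy.
$secret = New-AlphanumericSecret -Length 32

# Guard: refuse anything outside A-Z, a-z, 0-9 before it is configured anywhere.
if ($secret -cnotmatch '^[A-Za-z0-9]+$') {
    throw 'Secret contains non-alphanumeric characters'
}

# Placeholder client name and address (constructed); run on the NPS server.
New-NpsRadiusClient -Name 'asa-vpn-placeholder' -Address '192.0.2.10' -SharedSecret $secret
```

The same string has to be entered on the firewall side of the RADIUS client definition, so pass it to whoever manages that device over a secure channel rather than writing it to the console or a log.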