This is a perfect example. So little documentation out there, but this one hits the mark. Much appreciated.
Glad you found this useful! Thank you.
I couldn't agree more... Thanks Jerry for a great tutorial!
Excellent instructions!!! Thanks 🌟⭐
I figured a lot of this out as I had it configured on an ASA prior, but this is brilliant.
You can use the following on the CLI to validate the configuration when logging in:
debug webvpn saml 255
debug webvpn 255
debug webvpn session 255
debug webvpn request 255
!
Thank you for the positive feedback and suggestions!
Hello, I have the same scenario but I'm using ASA. I was able to establish Okta to get authenticated, but I'm getting "Authentication failed due to problem retrieving the single sign-on cookie". Not sure what that means.
This is very useful. I'm running into issues with the certificate. I see you're using a Windows server. Is that server reachable to the public? Would I have to buy a public SSL certificate for this?
Hi Colin, ideally you would want a public CA to sign the certificate of your VPN appliance so the clients won't get the untrusted cert popup. I am using a Windows CA to sign the identity certificate of the appliance and my test PCs also trust my Windows CA.
Hope I get a reply to my question: what to do if you have multiple VPN profiles?
Hello, multiple VPN profiles in the client should not matter or overwrite each other. The client PC will simply merge connection options from multiple profiles.
@ciscolivesecurityfan1136 Thank you for the reply. What I meant is how to configure Okta in case of multiple VPN profiles.
@AbhishekSingh-so2fd Assuming I understand your question, you can create VPN Connection Profile #1 and point it to the Okta SSO server. Then, you can create a 2nd VPN Connection Profile #2 and point it to the same Okta SSO server or another Okta account. All works. Or something else?
@ciscolivesecurityfan1136 Understood. Thank you so much for taking the time to reply to my questions.
Under the remote management, connection profile, Aliases, where did you get the group URL?
Hello, the group URL is the URL you (admin) have to create for the remote users to connect to. Just create the DNS entry on your DNS server.