https://community.cisco.com/t5/network-security/configure-secondary-username-from-certificate-in-ftd/m-p/4660282#M1092257 <P>Yes, you are right about that. I found out that this command is a default command and only visible by the "show run all" command. The reason it was visible in the ASA cli code, was because someone have made a change to the default setting.&nbsp;</P> <P>/Chess</P> Fri, 29 Jul 2022 12:52:18 GMT Chess Norris 2022-07-29T12:52:18Z https://community.cisco.com/t5/network-security/configure-secondary-username-from-certificate-in-ftd/m-p/4657422#M1092147 <P>Hello,</P> <P>I am in the process of migrating ASA code to FTD (7.0.1) but there is one command in the ASA that I cannot figure out where to&nbsp;configure in FMC.</P> <P>On the ASA I have the following RA VPN settings configured under tunnel-group general-attributes</P> <P>authorization-required<BR />secondary-username-from-certificate CN</P> <P>In FMC RA VPN configuration under the "Edit connection profile" and the AAA tab, there is a setting called "<SPAN>Map username from client certificate"</SPAN>&nbsp;but I can not see any option to use&nbsp; "secondary-username-from-certificate"</P> <P>Anyone know if that's possible?</P> <P>Thanks</P> <P>/Chess</P> Tue, 26 Jul 2022 14:37:44 GMT https://community.cisco.com/t5/network-security/configure-secondary-username-from-certificate-in-ftd/m-p/4657422#M1092147 Chess Norris 2022-07-26T14:37:44Z https://community.cisco.com/t5/network-security/configure-secondary-username-from-certificate-in-ftd/m-p/4657855#M1092175 <P>If the option is not in the GUI then you need to configure it via FlexConfig.&nbsp; But I would suggest testing this in a lab before doing it in production.</P> Tue, 26 Jul 2022 20:11:25 GMT https://community.cisco.com/t5/network-security/configure-secondary-username-from-certificate-in-ftd/m-p/4657855#M1092175 Marius Gunnerud 2022-07-26T20:11:25Z https://community.cisco.com/t5/network-security/configure-secondary-username-from-certificate-in-ftd/m-p/4658375#M1092186 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/319690">@Marius Gunnerud</a></P> <P>I tried to find this option in the as a device manager, just to see exactly what's it called there and see if I can find something similar in FMC. The RA VPN parameters use similar names in ASDM&nbsp; and FMC, but I cannot find this option in ASDM either. This option must be available there, since the command is visible in the CLI.&nbsp; Has anyone configured this in ASDM and now where this option is located?</P> <P>/Chess</P> Wed, 27 Jul 2022 08:43:49 GMT https://community.cisco.com/t5/network-security/configure-secondary-username-from-certificate-in-ftd/m-p/4658375#M1092186 Chess Norris 2022-07-27T08:43:49Z https://community.cisco.com/t5/network-security/configure-secondary-username-from-certificate-in-ftd/m-p/4659185#M1092234 <P>The ASDM does not support all configuration options for the ASA either. So, if that command is not present it just means it must also be configured using the CLI on the ASA</P> Thu, 28 Jul 2022 07:44:58 GMT https://community.cisco.com/t5/network-security/configure-secondary-username-from-certificate-in-ftd/m-p/4659185#M1092234 Marius Gunnerud 2022-07-28T07:44:58Z https://community.cisco.com/t5/network-security/configure-secondary-username-from-certificate-in-ftd/m-p/4660282#M1092257 <P>Yes, you are right about that. I found out that this command is a default command and only visible by the "show run all" command. The reason it was visible in the ASA cli code, was because someone have made a change to the default setting.&nbsp;</P> <P>/Chess</P> Fri, 29 Jul 2022 12:52:18 GMT https://community.cisco.com/t5/network-security/configure-secondary-username-from-certificate-in-ftd/m-p/4660282#M1092257 Chess Norris 2022-07-29T12:52:18Z