https://community.cisco.com/t5/network-security/vpn-with-alias-on-ftd/m-p/5289253#M1120966 <P>Currently we have an ASA and use Secure Client 5.1.8.105 and two profiles using Alia that authenticate via 2FA. To get the correct profile, split tunnel or full tunnel a use tacks the alias on to the URL and then connects, authenticates full 2FA and gets the appropriate profile and goes to work.</P><P>Trying to replicate this on an FTD using same versions of client, and 7.4.2 gold star, it fails when trying to add the alias with a No valid certificates available for authentication being logged before disconnect.</P><P>To block hackers and spammers, DefaultGroup is setup for DefaultWEbVPN and is sent to AAA in the sky, IOW a dead server. To avoid being hacked on our active profiles, the drop down is disabled on login.&nbsp; Its the exact same setup as the ASA which works fine.&nbsp;</P><P>I attempted to access this page since I managed via CDO, It's description states</P><P><SPAN class=""><SPAN>Aliases —Provide an alternate name or URL for the connection profile. Remote Access <STRONG>VPN</STRONG> administrators can enable or disable the <STRONG>Alias</STRONG> names and <STRONG>Alias</STRONG> URLs. <STRONG>VPN</STRONG> users can choose an <STRONG>Alias</STRONG> name when they connect to the <STRONG>FTD</STRONG> device remote access <STRONG>VPN</STRONG> using the AnyConnect <STRONG>VPN</STRONG> client. Step 4: Click Save.</SPAN></SPAN></P><P><SPAN class=""><SPAN>but the URL is </SPAN></SPAN><A href="https://edge.us.cdo.cisco.com/content/docs/t_configure_multiple_connection_profiles.html#!c-migrating-palo-alto-networks-firewall-to-multicloud-defense-with-the-firewall-migration-tool-in-cisco-defense-orchestrator.html" target="_blank" rel="noopener">https://edge.us.cdo.cisco.com/content/docs/t_configure_multiple_connection_profiles.html#!c-migrating-palo-alto-networks-firewall-to-multicloud-defense-with-the-firewall-migration-tool-in-cisco-defense-orchestrator.html</A> and it directs to a Migration document for Palo Alto.&nbsp; Cisco&nbsp; web techs must be drunk.</P><P>It looked like what I need is the doc prior to redirection, but its doesn't stay up long enough to understand what it says. Where can I find the documentation to configure teh Secure Connect to work as it does on my ASA by adding the alias to the URL&nbsp;&nbsp;</P><P><A href="https://vpn.domain.com/mfa" target="_blank" rel="noopener">https://vpn.domain.com/mfa</A></P><P>&nbsp;</P><P>&nbsp;</P> Thu, 08 May 2025 21:31:49 GMT tahscolony 2025-05-08T21:31:49Z https://community.cisco.com/t5/network-security/vpn-with-alias-on-ftd/m-p/5289253#M1120966 <P>Currently we have an ASA and use Secure Client 5.1.8.105 and two profiles using Alia that authenticate via 2FA. To get the correct profile, split tunnel or full tunnel a use tacks the alias on to the URL and then connects, authenticates full 2FA and gets the appropriate profile and goes to work.</P><P>Trying to replicate this on an FTD using same versions of client, and 7.4.2 gold star, it fails when trying to add the alias with a No valid certificates available for authentication being logged before disconnect.</P><P>To block hackers and spammers, DefaultGroup is setup for DefaultWEbVPN and is sent to AAA in the sky, IOW a dead server. To avoid being hacked on our active profiles, the drop down is disabled on login.&nbsp; Its the exact same setup as the ASA which works fine.&nbsp;</P><P>I attempted to access this page since I managed via CDO, It's description states</P><P><SPAN class=""><SPAN>Aliases —Provide an alternate name or URL for the connection profile. Remote Access <STRONG>VPN</STRONG> administrators can enable or disable the <STRONG>Alias</STRONG> names and <STRONG>Alias</STRONG> URLs. <STRONG>VPN</STRONG> users can choose an <STRONG>Alias</STRONG> name when they connect to the <STRONG>FTD</STRONG> device remote access <STRONG>VPN</STRONG> using the AnyConnect <STRONG>VPN</STRONG> client. Step 4: Click Save.</SPAN></SPAN></P><P><SPAN class=""><SPAN>but the URL is </SPAN></SPAN><A href="https://edge.us.cdo.cisco.com/content/docs/t_configure_multiple_connection_profiles.html#!c-migrating-palo-alto-networks-firewall-to-multicloud-defense-with-the-firewall-migration-tool-in-cisco-defense-orchestrator.html" target="_blank" rel="noopener">https://edge.us.cdo.cisco.com/content/docs/t_configure_multiple_connection_profiles.html#!c-migrating-palo-alto-networks-firewall-to-multicloud-defense-with-the-firewall-migration-tool-in-cisco-defense-orchestrator.html</A> and it directs to a Migration document for Palo Alto.&nbsp; Cisco&nbsp; web techs must be drunk.</P><P>It looked like what I need is the doc prior to redirection, but its doesn't stay up long enough to understand what it says. Where can I find the documentation to configure teh Secure Connect to work as it does on my ASA by adding the alias to the URL&nbsp;&nbsp;</P><P><A href="https://vpn.domain.com/mfa" target="_blank" rel="noopener">https://vpn.domain.com/mfa</A></P><P>&nbsp;</P><P>&nbsp;</P> Thu, 08 May 2025 21:31:49 GMT https://community.cisco.com/t5/network-security/vpn-with-alias-on-ftd/m-p/5289253#M1120966 tahscolony 2025-05-08T21:31:49Z https://community.cisco.com/t5/network-security/vpn-with-alias-on-ftd/m-p/5289935#M1120993 <P>You can reference the documentation for this feature in the on-prem FMC guide as this feature works the same from either management location.</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/770/management-center-device-config-77/vpn-remote-access.html#task_pvz_m35_5gb" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/770/management-center-device-config-77/vpn-remote-access.html#task_pvz_m35_5gb</A></P> <P>&nbsp;</P> Mon, 12 May 2025 12:51:26 GMT https://community.cisco.com/t5/network-security/vpn-with-alias-on-ftd/m-p/5289935#M1120993 Marvin Rhoads 2025-05-12T12:51:26Z https://community.cisco.com/t5/network-security/vpn-with-alias-on-ftd/m-p/5289949#M1120994 <P>I figured it out, fat fingered the URL.</P><P>&nbsp;</P><P>Time for new glasses.</P> Mon, 12 May 2025 13:18:59 GMT https://community.cisco.com/t5/network-security/vpn-with-alias-on-ftd/m-p/5289949#M1120994 tahscolony 2025-05-12T13:18:59Z