topic Re: FTD remote access VPN with ISE posture in Network Security https://community.cisco.com/t5/network-security/ftd-remote-access-vpn-with-ise-posture/m-p/3848892#M31714 <P>that is correct FTD does support CoA since 6.3 , which means you should be able to set this up just as you would on ASA.</P> <P>&nbsp;</P> <P>See the following guide as example for FTD</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/network-management/remote-access/212424-anyconnect-remote-access-vpn-configurati.html" target="_blank" rel="nofollow noopener noreferrer">https://www.cisco.com/c/en/us/support/docs/network-management/remote-access/212424-anyconnect-remote-access-vpn-configurati.html</A></P> <P>&nbsp;</P> <P>This is an older version for Posture setup with ISE but can be used as a guide line for FTD</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/117693-configure-ASA-00.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/117693-configure-ASA-00.html</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 02 May 2019 07:48:48 GMT ldanny 2019-05-02T07:48:48Z FTD remote access VPN with ISE posture https://community.cisco.com/t5/network-security/ftd-remote-access-vpn-with-ise-posture/m-p/3848834#M31713 <P>Hi team,</P> <P>&nbsp;</P> <P>Where can I find ISE component compatibility with FTD which is not included in the below document.</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/compatibility/b_ise_sdt_24.html#ciscoremoteaccess" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/compatibility/b_ise_sdt_24.html#ciscoremoteaccess</A></P> <P>&nbsp;</P> <P>I can see DACL and COA are supported from FTD6.3. But I still not sure if ISE posture solution for FTD anyconnect VPN can work or partially work.</P> Fri, 21 Feb 2020 17:05:56 GMT https://community.cisco.com/t5/network-security/ftd-remote-access-vpn-with-ise-posture/m-p/3848834#M31713 xili5 2020-02-21T17:05:56Z Re: FTD remote access VPN with ISE posture https://community.cisco.com/t5/network-security/ftd-remote-access-vpn-with-ise-posture/m-p/3848892#M31714 <P>that is correct FTD does support CoA since 6.3 , which means you should be able to set this up just as you would on ASA.</P> <P>&nbsp;</P> <P>See the following guide as example for FTD</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/network-management/remote-access/212424-anyconnect-remote-access-vpn-configurati.html" target="_blank" rel="nofollow noopener noreferrer">https://www.cisco.com/c/en/us/support/docs/network-management/remote-access/212424-anyconnect-remote-access-vpn-configurati.html</A></P> <P>&nbsp;</P> <P>This is an older version for Posture setup with ISE but can be used as a guide line for FTD</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/117693-configure-ASA-00.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/117693-configure-ASA-00.html</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 02 May 2019 07:48:48 GMT https://community.cisco.com/t5/network-security/ftd-remote-access-vpn-with-ise-posture/m-p/3848892#M31714 ldanny 2019-05-02T07:48:48Z Re: FTD remote access VPN with ISE posture https://community.cisco.com/t5/network-security/ftd-remote-access-vpn-with-ise-posture/m-p/3849117#M31715 <P>Hi Danny,</P> <P>&nbsp;</P> <P>The document is about ASA AnyConnect VPN with ISE posture and FTD AnyConnect VPN without ISE posture.</P> <P>&nbsp;</P> <P>Do you have FTD AnyConnect VPN with ISE posture document? Does FTD support redirect URL to ensure client provisioning working? If so, how to define redirect ACL, which ACL action mean redirect, permit or deny?</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 02 May 2019 14:28:16 GMT https://community.cisco.com/t5/network-security/ftd-remote-access-vpn-with-ise-posture/m-p/3849117#M31715 xili5 2019-05-02T14:28:16Z Re: FTD remote access VPN with ISE posture https://community.cisco.com/t5/network-security/ftd-remote-access-vpn-with-ise-posture/m-p/3850354#M31716 <P>Moving this topic to <A href="https://community.cisco.com/t5/firepower/bd-p/discussions-firepower" target="_blank" rel="noopener">FirePOWER</A>.</P> <P>This is actually among&nbsp;<A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/640/relnotes/firepower-release-notes-640/features.html#id_84381" target="_blank" rel="noopener">New Features in Firepower Device Manager/FTD Version 6.4.0</A></P> <P>&nbsp;</P> <TABLE style="border-collapse: collapse; width: 100%;" border="1"> <TBODY> <TR> <TD style="width: 50%;">Support for RADIUS servers and Change of Authorization in remote access VPN.</TD> <TD style="width: 50%;">You can now use RADIUS servers for authenticating, authorizing, and accounting remote access VPN (RA VPN) users. You can also configure Change of Authentication (CoA), also known as dynamic authorization, to alter a user’s authorization after authentication when you use a Cisco ISE RADIUS server.<BR />We added attributes to the RADIUS server and server group objects, and made it possible to select a RADIUS server group within an RA VPN connection profile.</TD> </TR> </TBODY> </TABLE> <P>ISE configurations are identical to that for ASA, as Danny pointed out.</P> <P>As FTD 6.4 released after the most recent ISE releases, it's not yet vetted by ISE teams. Please ask FirePower team for this info.</P> Sun, 05 May 2019 00:21:24 GMT https://community.cisco.com/t5/network-security/ftd-remote-access-vpn-with-ise-posture/m-p/3850354#M31716 hslai 2019-05-05T00:21:24Z