10-23-2019 01:27 PM - edited 02-21-2020 09:37 AM
Not sure if there is a solution out there yet. We recently purchased a 2110 for VPN S2S and RA. We don't have ISE as it is out of our budget to house this. We are trying to see how we can control the RA computers that access our VPN. Has anyone found a workaround so that only domain devices can connect to RA VPN and none other, or to control device connectivity by MAC, etc.? Thanks.
10-23-2019 01:46 PM
10-24-2019 07:17 AM
I looked into this as well but we don't have an internal PKI infrastructure. Any other options?
10-24-2019 07:21 AM
10-24-2019 09:52 AM - edited 10-24-2019 09:54 AM
I'm not aware of any other way to do this with the current 6.5 FTD release. It's not so hard to set up a Windows CA, but managing it can be a bit challenging.
As noted in the configuration guide, remote access VPN on FTD has limitations as follows:
The following AnyConnect features are not supported when connecting to an FTD secure gateway:
Secure Mobility, Network Access Management, and all other AnyConnect modules and their profiles beyond the core VPN capabilities and the VPN client profile.
Posture variants such as Hostscan and Endpoint Posture Assessment, and any Dynamic Access Policies based on the client posture.