Cisco Firepower 2110 DAP configuration. VPN device flexibility.

Amjad_Khan
Level 1

Not sure if there is a solution out there yet. We recently purchased a 2110 for S2S and RA VPN. We don't have ISE, as it is out of our budget to house it. We are trying to see how we can control the RA computers that access our VPN. Has anyone found a workaround to allow only domain devices to connect to the RA VPN and no others, or to control device connectivity by MAC, etc.? Thanks.

4 Replies

Hi,
You could configure the tunnel-group on the firewall to use "aaa + certificates"; then only users who authenticate with a username/password and connect from a computer holding a certificate trusted by the firewall will be allowed to connect. Issue the certificates from a local PKI (Windows) and distribute them to the computers using GPO.

HTH
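To make the "certificate trusted by the firewall" half of that reply concrete, here is an added example (not from the original post or from Cisco) that builds a small private CA with openssl, issues one device certificate from it, and then applies the same check a gateway that trusts only that CA would apply: the presented certificate must chain to ca.crt and be valid for client authentication. Everything is constructed locally; the organisation name, the device name LAPTOP01.corp.example and the file layout are hypothetical, and openssl is assumed to be installed. ca.crt is the file you would import on the firewall as the trusted CA for the RA VPN connection profile; the device key and certificate are what GPO or auto-enrollment would place in the machine's certificate store.

```shell
#!/bin/sh
# Added example: minimal private CA, one enrolled device certificate, one
# self-signed "rogue" certificate with the same subject, and the chain check
# a gateway trusting only this CA performs. All names are hypothetical.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Self-contained openssl config so the result does not depend on the
# system openssl.cnf. Subjects are supplied on the command line with -subj.
write_config() {
  cat > "$WORK/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = req_dn
x509_extensions = v3_ca
[ req_dn ]
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ v3_client ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF
}

# 1. Root CA: private key plus self-signed CA certificate (10 years).
#    ca.crt is imported on the firewall; ca.key never leaves the CA host.
make_ca() {
  openssl req -x509 -config "$WORK/openssl.cnf" -newkey rsa:2048 -nodes \
    -sha256 -days 3650 -keyout "$WORK/ca.key" -out "$WORK/ca.crt" \
    -subj "/O=Example Corp/CN=Example Corp Device CA" 2>/dev/null
}

# 2. Device certificate: per-machine key and CSR, signed by the CA with
#    client-authentication extensions (v3_client section above).
issue_device_cert() {
  name="$1"
  openssl req -config "$WORK/openssl.cnf" -newkey rsa:2048 -nodes -sha256 \
    -keyout "$WORK/$name.key" -out "$WORK/$name.csr" \
    -subj "/O=Example Corp/OU=Domain Computers/CN=$name" 2>/dev/null
  openssl x509 -req -sha256 -days 365 -in "$WORK/$name.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$WORK/openssl.cnf" -extensions v3_client \
    -out "$WORK/$name.crt" 2>/dev/null
}

# 3. What a non-enrolled machine could present: identical subject to a
#    domain computer, but self-signed, so it does not chain to ca.crt.
make_rogue_cert() {
  openssl req -x509 -config "$WORK/openssl.cnf" -extensions v3_client \
    -newkey rsa:2048 -nodes -sha256 -days 365 \
    -keyout "$WORK/rogue.key" -out "$WORK/rogue.crt" \
    -subj "/O=Example Corp/OU=Domain Computers/CN=LAPTOP01.corp.example" 2>/dev/null
}

# 4. Gateway-side decision: accept only a certificate that chains to ca.crt
#    and carries client-auth usage. The default system trust store is
#    disabled so that nothing but our CA is accepted. Exit status 0 = accept.
verify_device_cert() {
  openssl verify -no-CAfile -no-CApath -CAfile "$WORK/ca.crt" \
    -purpose sslclient "$1" >/dev/null 2>&1
}

write_config
make_ca
issue_device_cert LAPTOP01.corp.example
make_rogue_cert

if verify_device_cert "$WORK/LAPTOP01.corp.example.crt"; then
  echo "enrolled device certificate: accepted"
else
  echo "enrolled device certificate: rejected"
fi
if verify_device_cert "$WORK/rogue.crt"; then
  echo "self-signed certificate with same subject: accepted"
else
  echo "self-signed certificate with same subject: rejected"
fi
```

The point of the rogue case is that matching the subject (or any field a user can put in a self-issued certificate) is not a control; the trust decision has to be the chain to your own CA, which is exactly what importing only ca.crt on the firewall gives you. For distribution to Windows machines, the device key and certificate can be bundled into a PKCS#12 file with openssl pkcs12 -export and pushed into the computer store.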

I looked into this as well, but we don't have an internal PKI infrastructure. Any other options?

Working on standing one up now...

Marvin Rhoads
Hall of Fame

I'm not aware of any other way to do this with the current 6.5 FTD release. It's not so hard to set up a Windows CA, but managing it can be a bit challenging.

As noted in the configuration guide, remote access VPN on FTD has limitations as follows:

The following AnyConnect features are not supported when connecting to an FTD secure gateway:

  • Secure Mobility, Network Access Management, and all other AnyConnect modules and their profiles beyond the core VPN capabilities and the VPN client profile.

  • Posture variants such as Hostscan and Endpoint Posture Assessment, and any Dynamic Access Policies based on the client posture.

  • ...<snip>

https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/firepower_threat_defense_remote_access_vpns.html#reference_xby_dml_wy
