
Azure MFA with AnyConnect VPN using Cisco ISE 2.7 and FTD 2140 version 6.6.1

Hello,

We are currently in the process of preparing for a migration from a pair of ASA 5525Xs to a pair of 2140 FTD appliances. We have SAML authentication configured on the ASAs for MFA to our Azure instance for AnyConnect remote access VPN, which works great. However, it doesn't appear that SAML is supported on the FTDs running version 6.6.1, but we were told that version 6.7 does support SAML. We decided to keep version 6.6.1 at the time because it was the suggested release and we didn't want to run 6.7 since it was just recently released.

We thought we could pass SAML authentication to ISE so that we could still MFA for remote access VPN, but I am having a hard time finding documentation for it. My questions are these: Is it possible to use ISE to handle SAML authentication for remote access VPN so that clients can MFA before finally connecting? If so, what version of ISE supports it?

Thanks!

Terence

1 Reply

As far as I know the answer is no; ISE supports SAML only for portal-based authentications.

You need to upgrade your Firepower deployment to the 6.7 release in order to add support for SAML directly to your 2140s.