ISE with local authentication for AnyConnect remote VPN

kapydan88
Level 4

Hello, everybody.

We are going to implement the following scheme for AnyConnect:

- one ISE with local authentication (without AD integration). Several local users have been created on this ISE for remote connection via AnyConnect.

- one or two (HA) Firepower 1120 or 1140 for remote VPN. It is planned to create a VPN on this device for remote connection of users, using ISE with local accounts as the AAA server.

Is it possible to realize this scheme or not? If so, are there any restrictions on the ISE (software version, device model, etc.)?

Accepted Solutions

@kapydan88 

Yes, you can use the ISE Internal User identity store to authenticate RAVPN users. Just configure the FTD to use ISE as the RADIUS server and configure the Policy Set to check the local identity store when authenticating the users.

Any currently supported ISE version will support the Local User Identity Store.

FYI, FTD 7.0 now supports local user authentication without having to use an external datastore.


2 Replies


Thanks for the answer.

About local user authentication in FTD 7.0, it's good news. This should make remote connection easier.
