07-19-2021 07:25 AM
Hello everybody.
We are going to implement the following scheme for AnyConnect:
- one ISE with local authentication (without AD integration). Several local users have been created on this ISE for remote connection via AnyConnect.
- one or two (HA) Firepower 1120 or 1140 for remote VPN. It is planned to create a VPN on this device for remote connection of users, using ISE with local accounts as the AAA server.
Is it possible to realize this scheme or not? If so, are there any restrictions on the ISE (software version, device model, etc.)?
07-19-2021 07:33 AM
Yes, you can use the ISE Internal User identity store to authenticate RAVPN users. Just configure the FTD to use ISE as the RADIUS server and configure the Policy Set to check the local identity store when authenticating the users.
Any currently supported ISE version will support the Local User Identity Store.
FYI, FTD 7.0 now supports local user authentication without having to use an external datastore.
07-19-2021 07:40 AM
Thanks for the answer.
About local user authentication in FTD 7.0, it's good news. This should make remote connection easier.