Re: FTD Virtual Appliance

BM75635 · ‎03-05-2020

Hello Team,

Could you please help me to find an answer:

Is it possible to configure Remote Access Vpn on Cisco FTD Virtual Appliance?

If yes , what is the maximum numbre of simultaneous sessions?

Thank you very much for your answer.

Best regards,

Rob Ingram · ‎03-05-2020

Hi,

Yes it is possible to configure Remote Access VPN on Virtual FTD, example here.

Which version do you plan to use?

Are you using FMC or FDM to manage the FTD?

Sizing information here:

BM75635 · ‎03-05-2020

Hello RJI,

thank you very much for your answer.

I have not decided which version i will use.

for the management, it will be the FMC.

in the table that you sent, i see only ipsec Vpn but i need to use the SSL, is it possible?

i need also 500 simultaneous sessions.

Best regards,

Rob Ingram · ‎03-05-2020

Hi,
Yes SSL is possible, you should spec similar to the IPSec limit (12 vCPU).
I'd use FTD 6.4 patch 7 is the recommend version right now.

HTH

BM75635 · ‎03-05-2020

Hi,

Have you configured the ssl remote access vpn on the virtual FTD ?

Sorry but i did not find any documentation on the topic.

thanks,

Rob Ingram · ‎03-05-2020

Yes, the example provided describes using SSL or IKEv2/IPSec VPN, it's just a tick box to select which protocol to use when configuring via the wizard.

Marvin Rhoads · ‎03-05-2020

I've configured it - both with FMC management and with FDM management, with and without 2FA (Duo). It works perfectly fine.

There are a few limitations on FTD (all platforms). The main ones are:

AnyConnect modules other than VPN cannot be deployed by FTD (works OK if you deploy from ISE as the AAA server),
no DAP or Hostscan is supported,
clientless SSL VPN is not supported.