Solved: Re: Remote VPN FMC 6.6.5

keithcclark71 · ‎02-21-2022

I was wondering if I can connect two options for remote user VPN. As of now I have remote VPN configured for certificate based authentication only. I was wondering if I can add another using Radius so in effect when a user connects they have an option of choosing certificated based VPN or entering in their Active Directory credentials through windows radius?

MHM Cisco World · ‎02-21-2022

If I get you request,

config two tunnel group and enable group-alias, then the user can select group with prefer auth method.

View solution in original post

MHM Cisco World · ‎02-21-2022

If I get you request,

config two tunnel group and enable group-alias, then the user can select group with prefer auth method.

keithcclark71 · ‎02-21-2022

Hi thanks. When I connect the VPN i see what is in the attached screenshot. I cannot find where this group is located anywhere within my VPN settings. If I go in and add an additional connection profile (Tunnel Group) within FMC and I reconnect I still only see the group called Tunnelusers.

keithcclark71 · ‎02-21-2022

Thank you I got two methods to authenticate using the Tunnel Groups one being smart card only users and the other for Radius. Super cool. It took me awhile to figure out how to troubleshoot my radius setup and if you are ever interested from the FTD you can run the following command to check your radius setting and communication to. In this case I using WINDOWS RADIUS NAP

Looks like they kept these from the ASA for the FTD. WIndowsRadius is name of radius object I created within FMC

1) Show run aaa-server

2) test aaa-server authentication WIndowsRadius host 192.168.30.10
Username: vpntest
Password: ***************