Re: Server 2019 VPN firepower 1010

Gurvinderyfy · ‎11-26-2022

Hi I've been trying to configure the server 2019 native VPN service but when I go to connect from the windows 10 client it always gives me an error. What do I have to configure through the FDM to allow the win 10 connection to get through the firepower 1010 set up at the server.

Karsten Iwen · ‎11-26-2022

The best way would be to terminate the remote-access-VPN on the FTD with AnyConnect.

But if you really want to do it on the Windows server:

Ideally move the RAS server to a DMZ and configure tight access-control from this server to the internal network
Configure Port forwarding for UDP/500 and UDP/4500 to the RAS server
Allow these two ports in Access-Control
Configure both the RAS-Server and the Win10 client for IKEv2/IPsec VPNs.

Gurvinderyfy · ‎11-27-2022

Yes I'd like to use Any connect but this is only for an office of 6 people
and purchasing an anyconnect license for 25 makes no sense for this one
office. Are there any ways to purchase fewer then 25 licenses?

Karsten Iwen · ‎11-27-2022

The 25 user license is the smallest that is possible. But the PLUS subscription is not that expensive. It will save you time implementing it and you'll likely end with a network that is more secure.

Gurvinderyfy · ‎11-28-2022

One more follow up. If I purchase the 25 licenses do they all have to be applied to the same device. Am I able to purchase 25 and allocate to different devices/offices if needed?

Karsten Iwen · ‎11-28-2022

The licensing is user-based. You can apply the license to as many devices as you want as long as they all belong to the same organisation.

MHM Cisco World · ‎11-27-2022

are you use native L2TP PTPP or IKEv2 ??