RAVPN connection profiles using Azure MFA for Authentication. We are using ISE for Authorization. When the FTD receives the SAML response from Azure MFA that includes multiple attributes in the claim, which attribute does FTD send to ISE as "username" ...
We have clients receiving a "PKCS12 (PFX) without a supplied password" error while connecting to RAVPN using Cisco Secure Client (5.1.2.42). The headend device is FTD 3130. The full error is "There was an error during initialization: PKCS12 (PFX) witho...
Good day everyone. We are conducting a proof of concept with Azure MFA providing second factor authentication for RAVPN. Our parent agency owns the Azure AD that includes a user account for all our users in our agency. However, we own and manage an in-h...
Hello everyone. I have configured my RAVPN connection profile to leverage SAML. I have configured it with the correct SSO object. I've verified the Azure AD Identifier, Azure Login and Logout URLs. When I connect to the VPN headend (FTD) with AnyConn...
Ultimately we want to use AuthC via certificates for our FTD RAVPN users. We want to be able to use ISE's Internal CA to issue those certificates to endpoints. I can't seem to find documentation on how to issue the certificates. I know how to set up a RAVPN...
I am not using dACL with these aforementioned AuthZ profiles, but I have used dACL in another scenario with VPN. I encountered a problem and it turned out to be too many characters in the dACL. SERIOUSLY! The whole dACL cannot exceed 4000 characters ...
We do 1st and 2nd factor authentication with Azure MFA (Parent agency AD). We do authorization with ISE (our agency AD). ISE for authorization only. We also assign RAVPN group policies based on our AD groups.
@Ricky Sandhu I found the answer I was looking for. First, let me refresh your memory on our use case. Azure MFA is linked with an AD that belongs to our parent agency. Our agency has AD accounts in our parent agency's AD because we have multiple apps tha...
@Ricky Sandhu "I did have to ensure I don't strip the realm from the username in the ASA when sending it to ISE for authentication. Without this, ASA was only sending firstname.lastname to ISE and it was failing. Now it sends First.Last@domain.com ...