About DannyDulin

DannyDulin · 05-07-2024

RAVPN connection profiles using Azure MFA for Authentication.We are using ISE for Authorization.When the FTD receives the SAML response from Azure MFA that includes multiple attributes in the claim, which attribute does FTD send to ISE as "username" ...

DannyDulin · 04-16-2024

We have clients receiving a "PKCS12 (PFX) without a supplied password" error while connecting to RAVPN using Cisco Secure Client (5.1.2.42). The headend device is FTD 3130.The full error is "There was an erro during initialization: PKCS12 (PFX) witho...

DannyDulin · 03-26-2024

Good day everyone.We are conducting a proof of concept with Azure MFA providing second factor authentication for RAVPN.Our parent agency owns the Azure AD that includes a user account for all our users in our agency.However, we own and manage an in-h...

DannyDulin · 03-25-2024

Hello everyone.I have configured my RAVPN connection profile to leverage SAML. I have configured it with the correct SSO object. I've verified the Azure AD Identifier, Azure Login and Logout URL's. When I connect to the VPN headend (FTD) with AnyConn...

DannyDulin · 01-31-2024

Ultimately we want to use AuthC via certificates for our FTD RAVPN users.We want to be able to use ISE's Internal CA to issue those certificates to endpoints.I can't seem to find documentation how to issue the certificates.I know how to setup a RAVPN...

DannyDulin · 05-09-2024

We are not using hostscan.

DannyDulin · 05-09-2024

I am not using dACL with these afore mentioned AuthZ profiles, but I have used dACL in another scenario with VPN.I encountered a problem and it turned out to be too many characters in the dACL. SERIOUSLY!The whole dACL can not exceed 4000 characters ...

DannyDulin · 05-09-2024

We do 1st and 2nd factor authentication with Azure MFA (Parent agency AD)We do authorization with ISE (our agency AD)ISE for authorization only.We also assign RAVPN group policies based on our AD groups.

DannyDulin · 05-08-2024

@Ricky Sandhu I found the answer I was looking for. First let me refresh your memory our use case.Azure MFA is linked with an AD that belongs to our parent agency. Our agency has AD accounts in our parent agency's AD because we have multiple apps tha...

DannyDulin · 05-07-2024

@Ricky Sandhu "I did have to ensure I don't strip the realm from the username in the ASA when sending it to ISE for authentication. Without this, ASA was only sending firstname.lastname to ISE and it was failing. Now it sends First.Last@domain.com ...

Member Since	‎08-19-2021 01:58 PM
Date Last Visited	‎05-16-2024 05:50 PM
Posts	74
Total Helpful Votes Received	29

User Statistics

User Activity

What SAML attribute does Firepower use as "username" in RADIUS AuthZ?

PKCS12 (PFX) without a supplied password error

Authenticate w/ Azure AD (MFA) but Authorize with ISE w/ different AD

RAVPN FTD not redirecting to SAML

Deploy certificates to endpoints with ISE Internal CA

Re: Configuring MFA Using Cisco ISE and Microsoft Azure MFA

Re: Configuring MFA Using Cisco ISE and Microsoft Azure MFA

Re: Configuring MFA Using Cisco ISE and Microsoft Azure MFA

Re: Configuring MFA Using Cisco ISE and Microsoft Azure MFA

Re: Configuring MFA Using Cisco ISE and Microsoft Azure MFA