About doukkalli

doukkalli · 04-28-2020

Our FTD 6.6.0 RA VPN is now working.Thanks to all member of this community. The VPN AnyConnect connection is very slow. Ping from AnyConnect client to a internal server took between 9ms to 90ms with 0% load of the Firepower 2130. What would be the is...

doukkalli · 04-28-2020

Problem Description:We cannot get AnyConnect VPN clients to retrieve an IP address from our primary DHCP server. I face exactly the same issue here: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo12057/?rfs=iqvred If we setup a local pool in the ...

doukkalli · 04-24-2020

Hi,I am using a Cisco Firepower 2130 with FTD code version 6.5.0 for RA VPN using AnyConnect Client 4.x.I configured my VPN to use a DHCP Server a.b.c.d and DHCP Scope 10.44.96.20-10.44.111.254.When I use only the VPN Pool (like DHCP scope) AnyConnec...

doukkalli · 04-09-2020

Hi, I setup a RA VPN using Cisco Firepower 2130 FTD 6.5.0 and AnyConnect client without split tunnels.I setup a NAT Rule and an access control policy to allow traffics. When I connect to VPN Gateway I can access to internal LAN (RFC 1918) but I cann...

doukkalli · 04-07-2020

Hi,I configured RA VPN (AnyConnect) using Firepower 2130 FTD and Active Directory. All used belonged to the right group can connect to VPN using AnyConnect. They can access to our ressources (RFC 1918).When I add Microsoft NPS as Radius servers to fo...

doukkalli · 04-29-2020

Yes sure.I will write a complete setup guide RA VPN with DHCP, Microsoft NPS for Radius and MFA.I need to santize the document to remove all company private information to avoid any information gathering.Will keep you updated.

doukkalli · 04-29-2020

Solution found: DHCP Scope in RA VPN in must a subnet like 10.44.96.0 and not IPv4 addresse like 10.44.96.20 like stated in Cisco FTD documentation. I hope Cisco will add theses steps in the RA VPN setup:- DHCP Scope must be the network subnet like 1...

doukkalli · 04-29-2020

Hi,Today I tried to connect but DHCP didn't give a lease to FTD. When I add in the NAT exempt rule from LAN network(s) to RAVPN (DHCP scope) network, and I "clear conn", yesterday it's worked.Today no DHCP lease and RA VPN cannot receive an IP addres...

doukkalli · 04-29-2020

Is your DHCP server on the same subnet as your FTD inside interface? DHCP is in another VLAN than Inside interface but there is no filtering.

doukkalli · 04-28-2020

Thanks RJI.I added route-lookup and DHCP is now working with RA VPN.Good advice.@Rob Ingram wrote:Hi,Append route-lookup to your NAT exempt rule from LAN network(s) to RAVPN (DHCP scope) network. You may need to "clear conn".HTH

Member Since	‎05-24-2019 02:16 AM
Date Last Visited	‎05-24-2020 11:43 AM
Posts	17
Total Helpful Votes Received	5

User Statistics

User Activity

FTD 6.6.0 RA VPN very slow - Ping from AnyConnect client change from 9ms to 90ms with 0% load of the Firepower 2130

FTD 6.6.0 RA VPN - DHCP Server configuration not working

AnyConnect took a long time to get an IP address from VPN Pool using DHCP server

Cisco Firepower FTD 6.5.0 with AnyConnect RA VPN

How to add MFA using Microsoft NPS and Firepower 2130 with FTD

Re: AnyConnect took a long time to get an IP address from VPN Pool using DHCP server

Re: FTD 6.6.0 RA VPN - DHCP Server configuration not working

Re: FTD 6.6.0 RA VPN - DHCP Server configuration not working

Re: AnyConnect took a long time to get an IP address from VPN Pool using DHCP server

Re: FTD 6.6.0 RA VPN - DHCP Server configuration not working