10-02-2023 12:41 PM
The AnyConnect profile that is currently in use has multiple FQDNs using the same public IP address. Example below:
abcvpn.com > 1.1.1.1
abcvpn1.com > 1.1.1.1
I want to create a new profile while implementing Cisco Duo and a new FQDN, but Mgmt wants to continue to use the same FQDN and same IP for the new AnyConnect profile: abcvpn.com. My question is: will using the same FQDN and public IP for the new profile present any issues? The profiles will all be on the same ASA.
10-02-2023 12:48 PM
@Elude you can use a different FQDN as long as it resolves to the same IP. You should replace your certificate and include a SAN entry for the new FQDN or use a wildcard cert; this will avoid any certificate errors.
10-02-2023 01:01 PM
That's the thing though, they don't want to use a new FQDN. They want to continue to use the same FQDN abcvpn.com and same public IP address for the new profile that I want to create to utilize Cisco Duo. I don't see how that is going to work when I apply the same FQDN abcvpn.com using the same public IP, all while maintaining the working VPN profile that is using abcvpn.com and bringing up the new VPN profile using Cisco Duo. I'm sorry if it sounds confusing, just trying to understand how it works and implement this new profile without disturbing Production. If both the current profile and the new profile use the same FQDN and same public IP, how will it know which profile to download when connecting?
10-02-2023 01:05 PM - edited 10-02-2023 11:17 PM
@Elude OK, create a new connection profile/tunnel-group with a different alias or URL, i.e., fqdn/duo, which uses Duo for authentication.
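Added example, not part of the thread: a sketch of the ASA configuration the last reply describes, where a second tunnel-group is selected by a group-url path on the same FQDN and IP. The names DUO-VPN, DUO-AAA and DUO-GP and the path /duo are assumptions; the AAA server group pointing at Duo, the group policy and the address pool are assumed to be defined separately.

```text
! Added example. DUO-VPN, DUO-AAA, DUO-GP and the /duo path are
! hypothetical names, not taken from the thread.
! The existing production tunnel-group is left unchanged.

! New connection profile that authenticates through Duo
tunnel-group DUO-VPN type remote-access
tunnel-group DUO-VPN general-attributes
 ! DUO-AAA: assumed, already-defined AAA server group for Duo
 authentication-server-group DUO-AAA
 ! DUO-GP: assumed, already-defined group policy
 default-group-policy DUO-GP
tunnel-group DUO-VPN webvpn-attributes
 ! Clients connecting to this URL land in DUO-VPN; clients using the
 ! bare FQDN keep landing in the existing profile.
 group-url https://abcvpn.com/duo enable
 ! Optional: also offer the profile by name in the group drop-down
 group-alias duo enable

! Only needed if the alias drop-down should be shown to users
webvpn
 tunnel-group-list enable
```

The certificate only needs to cover abcvpn.com, because the path after the hostname is not part of certificate name matching.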