Hi.I am trying to use Cisco ASA for VPN connections.I want to authenticate users by RADIUS server using only MS-CHAPv2.When using PAP, everything works.After enabling "password-management" in my RADIUS log I see:Invalid user: [vpnuser/<no User-Passwo...
Forum Posts
Hello!We use SSL VPN with certificate based authentication. All users have personal certificates with subjectAltName = email:$USER@$DOMAINWould like to extract email from SAN to set it as username under "show vpn-sessiondb anyconnect"Tried to use LUA...
A few days back I had asked a question here regarding use of Windows L2TP client and ASA. Someone kindly responded pointing me to using Powershell to change the encryption Windows would use (as 3DES is depreciated on v9.18). I created a test VPN conn...
hi out thereI have a "funny" problem - we have a ASA AnyConnect VPN hub supporting many users - and different type of users. For each type of user we have different Connection profiles and corressponding Group Policies. They are all certificate authe...
Hello everyone,I am trying to configure Site-to-Site VPNs as below:Site A:FTD v6.7 In/Out Static IPSite B:Modem external interface FQDN "my.exemple.com (IP 93.229.6.x it always changes)" - internal interface DHCP 192.168.178.0/24FTD v6.7 receives fo...
Hello everyone,I am trying to configure Site-to-Site VPNs as below:Site A:FTD v6.7 In/Out Static IPSite B:Modem external interface FQDN "my.exemple.com (IP 93.229.6.x it always changes)" - internal interface DHCP 192.168.178.0/24FTD v6.7 receives fo...
Hi, I have a query.I know aggressive mode is used in case if the peer has dynamic IP's but may I know why main mode cannot be used? Can someone please explain this?Thanks
Resolved! Cisco1812J - Ikev2
Is Ikev2 available on Cisco1812J?
I saw that there was a verified solution to DMVPN Tunnel stuck at NHRP state.My issue is very similar to this but I have a static IP address at the spoke. So my address wouldn't change. So what I have is a spoke that can form a tunnel to the secondar...
Hello, I only need to manage remote anyconnect acces with LDAP or RADIUS authentication in a FPR HA active/standby architecture. no NGFW needed and no other functions. May I use FDM to manage FPR 2100 series and 3100 series? Tks Johnny
Hello, I need a couple of firewall to manage up to 1500 concurrent anyconnect connections. the firewall need only to manage anyconnect remote access. may I use a couple of FPR1140-ASA or FPR-1150 in load balancing? I would not configure them in failo...
Hello,i'm facing with the exact same issue, however the mentioned port isn't used by any other application, after we checked it.We tried to redo the command multiple times during a connection attempt and it is still empty.I checked the Internet Conne...
Resolved! VPN temporary access
I was wondering if there is an option to create a vpn temporary user which password automatically changes every 10 - 20 minutes.
Hello,I configured a RA VPN to authenticate using certificate.On FTD I installed the my root CA certificate, the identity certificate signed by this CA, and for computer I also generated and install a certificate (template = workstation, the same I u...
Hi, we've had a request to enable access to our remote access VPN from an RDP session running on a virtual machine. The two errors reported are:"VPN establishment capability for a remote user is disabled. A VPN connection will not be established." An...
