
RA-VPN USER QUESTION

zachlin19381
Level 1

I have A and B groups of RA-VPN with Firepower using FDM.

Right now, an A user can log in to both the A and B groups.

I want A users to be able to log in only to group A, and B users only to group B.

How can I do this?

 

Lastly, I set up the secondary identity source and I use the common password, but it still uses the primary password to log in. What does the common password mean?


olvs
Level 1

That's a good question, I have this problem too. I started using a VPN without logs to protect my privacy, and it works well. Now I have no issues at all and have access to any blocked content. That's convy.

zachlin19381
Level 1

Hello ~

Dinesh Moudgil
Cisco Employee

If you are using local authentication for group A and B, then users (since they are part of the same local database) will be able to access both groups on FTD.

 

What you can do is have the users connect to specific URLs to access resources. i.e. For A user, they could connect to group-url of https://1.1.1.1/Finance, and B user could connect to group-url of https://1.1.1.1/Sales. Again, this doesn't stop users from accessing the other group on FTD.

 

Regarding common password,

 

 "Select Common Password to use the same password for every user, then enter that password in the Common Password field."

The rationale is to have another password that is common to all the users configured on FDM. As you observed, you will still get a prompt for a secondary password and users will need to enter that password.


Thank you,

Dinesh Moudgil

 

P.S. Please rate helpful posts.

 

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Marvin Rhoads
Hall of Fame

Adding to what @Dinesh Moudgil correctly described, if you use remote authentication you can restrict access of users on a per group basis. With local authentication on FTD this is not possible as of the current release 6.7.
