Remote Access VPN - FTD 7.2.4

Ruben Lozada
Level 1

Hi all

I have the following scenario: an FP managed by FMC, and Cisco ISE. I am trying to configure the SSL VPN so that authentication and authorization are provided by the ISE. With this VPN configured using local users in the FMC I get connectivity, but when I try to use the ISE I get a connectivity error, even though from the FMC and the FTD I have connectivity to the ISE without any problem. I don't even see the connection attempts in the ISE.

I read in some forum that I must configure the diagnostic interface to be able to have communication with the ISE, and that its IP must be in the same network segment as the management interface.

I'm out of ideas and I'm almost sure it's a minor configuration issue that is failing me and I can't see it.

Accepted Solution

Ruben Lozada
Level 1

I apologize for the delay. After a lot of back and forth with the client we discovered that there was a firewall in the middle that limited the communication; even though we had ping between the ISE and the FTD, it did not allow the rest of the ports to communicate.

Thank you all for your comments.


3 Replies

@Ruben Lozada, if ISE is not seeing any authentication attempts, have you defined the FTD as a Network Device (with its IP address and shared secret)? If you haven't, ISE will silently drop the authentication attempts.

You do not need to configure the diagnostic interface; the RADIUS server (ISE) is reached via a data interface.

Example here of FTD Remote Access VPN with ISE authentication
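Both the reply above (ISE silently dropping requests from an undefined Network Device) and the accepted solution (ping worked, but a firewall in the path blocked the remaining ports) come down to the same symptom: the RADIUS request leaves the FTD and nothing ever comes back. The following is an added example, not code from this thread or from Cisco: a stdlib-only probe that sends one RADIUS Access-Request (RFC 2865) and distinguishes "no reply at all" from an actual Access-Accept/Access-Reject. The ISE address, shared secret, test account and NAS IP are placeholders to be replaced, and it must be run from a source address that is defined as a Network Device in ISE, otherwise a timeout cannot tell the two causes apart.

```python
import hashlib
import os
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
REPLY_NAMES = {ACCESS_ACCEPT: "access-accept", ACCESS_REJECT: "access-reject"}

def password_chain(data: bytes, secret: bytes, authenticator: bytes, reveal: bool = False) -> bytes:
    """RFC 2865 s5.2 User-Password hiding: each 16-byte block is XORed with
    MD5(secret + previous block), the first block using the Request Authenticator.
    reveal=True undoes it (what the RADIUS server does) and strips NUL padding."""
    data = data + b"\x00" * (-len(data) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], hashlib.md5(secret + prev).digest()))
        out, prev = out + block, (data[i:i + 16] if reveal else block)
    return out.rstrip(b"\x00") if reveal else out

def build_access_request(username: str, password: str, secret: bytes, nas_ip: str,
                         ident: int = 1, authenticator: bytes = b"") -> bytes:
    # Header: Code(1) Identifier(1) Length(2) Authenticator(16), then TLV attributes
    auth = authenticator or os.urandom(16)
    attrs = b""
    for atype, value in ((1, username.encode()),                                 # User-Name
                         (2, password_chain(password.encode(), secret, auth)),   # User-Password
                         (4, socket.inet_aton(nas_ip))):                          # NAS-IP-Address
        attrs += struct.pack("!BB", atype, len(value) + 2) + value
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def probe(host: str, secret: bytes, username: str, password: str, nas_ip: str,
          port: int = 1812, timeout: float = 3.0) -> str:
    # "timeout" means nothing came back: UDP/1812 filtered somewhere on the path, or
    # this source address is not a defined Network Device in ISE (dropped silently).
    # Any RADIUS reply, even a reject, proves the path and the NAD definition are fine.
    pkt = build_access_request(username, password, secret, nas_ip)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(pkt, (host, port))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "timeout"
    return REPLY_NAMES.get(data[0], f"code-{data[0]}")

if __name__ == "__main__":
    # Placeholder values (assumed): ISE PSN address, shared secret, a test account, the FTD data-interface IP
    print(probe("ISE_PSN_IP", b"SHARED_SECRET", "vpn-test-user", "TEST_PASSWORD", "FTD_DATA_IP"))
```

Repeat with port 1813 (accounting) if the RAVPN is also sending accounting to ISE; a probe that times out while ping succeeds is exactly the situation the accepted solution describes.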

Can I see how you configured ISE from the FMC?
