Remote Access VPN with FTD

Guys... I have a running RA VPN configured on FTD via FMC. The remote users are getting IP addresses via DHCP defined in the VPN group policy and authentication via AD. I have a requirement of giving some outside users remote access with static IP addresses so that we can control and have visibility.

Is there any way we can provide static IP addresses to AnyConnect remote VPN users via FMC?

Highlighted
Hall of Fame Guru

I haven't tested it but you should be able to use an LDAP Attribute-map (requires Flexconfig). It's the same thing we do with an ASA, just a bit harder to push from FMC due to it not being exposed in the GUI directly.

Article on assigning static IP addresses with LDAP / AD (and ASA):

https://community.cisco.com/t5/vpn/asa-ldap-static-address-for-vpn-user/td-p/1705068

How to use LDAP attribute-maps in FMC:

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/214283-configure-anyconnect-ldap-mapping-on-fir.html
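The ASA-style LDAP attribute map referred to in the post above, as an added example that is not part of the original post or of Cisco's documentation. It assumes the static address is stored in the AD user attribute `msRADIUSFramedIPAddress`; the map name, server group name, interface name and server address are constructed placeholders.

```cisco
! Added example, ASA CLI syntax. All names and addresses are constructed.
! Map the AD attribute that holds the per-user address to the
! attribute the VPN headend uses for address assignment.
ldap attribute-map RAVPN-STATIC-IP
 map-name msRADIUSFramedIPAddress IETF-Radius-Framed-IP-Address
!
! Bind the map to the LDAP server used for VPN authentication.
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 192.0.2.10
 ldap-attribute-map RAVPN-STATIC-IP
!
! Allow the address returned by AAA to be used for the session.
vpn-addr-assign aaa
```

Users whose AD account does not carry the attribute keep receiving an address from DHCP or the pool, so static addresses placed outside that range can be matched on their own in access rules.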

 

Highlighted

Thanks Marvin, I will check it...

Highlighted
VIP Mentor

It looks like you can do this natively in FMC 6.7 now, so no need for flexconfig any more!!

 

ldap-fmc-67.PNG


Highlighted

Presently I am running version 6.4.7. Is the 6.7 version stable and recommended?

I would like to control certain RA VPN users by assigning static IPs and restricting them to access certain servers only. Apart from the above solution, is there any other way I can achieve this in version 6.4.7 itself?

Highlighted

@shaikh.zaid22 6.6.1 is the current recommended version. If you did not wish to upgrade to 6.7 to take advantage of these new features, then @Marvin Rhoads' suggestion is the correct answer.

Highlighted

Thanks Rob and Marvin. Good luck...

Cisco Community: great place to get quick know-hows... :)

Highlighted
Beginner

I did it previously using RADIUS attributes, but you have to be using a RADIUS server for AAA on VPN to do that.