Remote Access VPN with FTD

shaikh.zaid22
Level 1

Guys... I have a running RA VPN configured on FTD via FMC. The remote users are getting IP addresses via DHCP defined in the VPN group policy, and authentication is via AD. I have a requirement to give some outside users remote access with static IP addresses so that we can control and have visibility.

Is there any way we can provide static IP addresses to AnyConnect remote VPN users via FMC?

7 Replies

Marvin Rhoads
Hall of Fame

I haven't tested it but you should be able to use an LDAP Attribute-map (requires Flexconfig). It's the same thing we do with an ASA, just a bit harder to push from FMC due to it not being exposed in the GUI directly.

Article on assigning static IP addresses with LDAP / AD (and ASA):

https://community.cisco.com/t5/vpn/asa-ldap-static-address-for-vpn-user/td-p/1705068

How to use LDAP attribute-maps in FMC:

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/214283-configure-anyconnect-ldap-mapping-on-fir.html
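An added example, not part of the original post or of Cisco's documentation: a pre-flight check for the per-user static addresses that an LDAP attribute-map would read from AD. It assumes the address is stored in the AD attribute `msRADIUSFramedIPAddress`, which holds an IPv4 address as a signed 32-bit integer; the user names and the reserved range are constructed sample values.

```python
import ipaddress

# Assumption: the LDAP attribute-map reads msRADIUSFramedIPAddress, which AD
# stores as a signed 32-bit integer (addresses >= 128.0.0.0 become negative).
INT32_SPAN = 2 ** 32


def ip_to_ad_int(ip: str) -> int:
    """Convert dotted-quad IPv4 to the signed integer form AD stores."""
    n = int(ipaddress.IPv4Address(ip))
    return n - INT32_SPAN if n >= 2 ** 31 else n


def ad_int_to_ip(value: int) -> str:
    """Convert the signed integer read back from AD to dotted-quad form."""
    if not -(2 ** 31) <= value < 2 ** 31:
        raise ValueError(f"{value} is not a signed 32-bit integer")
    return str(ipaddress.IPv4Address(value % INT32_SPAN))


def plan_static_assignments(assignments: dict, static_range: str) -> dict:
    """Validate user -> IP assignments and return user -> AD integer value.

    Rejects addresses outside the range reserved for static VPN users (so
    access rules written for that range really cover every static user),
    network/broadcast addresses, and duplicates (two users sharing one
    address would defeat per-user visibility in the logs).
    """
    net = ipaddress.ip_network(static_range)
    owners = {}
    plan = {}
    for user, ip in assignments.items():
        addr = ipaddress.IPv4Address(ip)
        if addr not in net:
            raise ValueError(f"{user}: {ip} is outside {static_range}")
        if addr in (net.network_address, net.broadcast_address):
            raise ValueError(f"{user}: {ip} is not a usable host address")
        if addr in owners:
            raise ValueError(f"{user}: {ip} already assigned to {owners[addr]}")
        owners[addr] = user
        plan[user] = ip_to_ad_int(ip)
    return plan


if __name__ == "__main__":
    # Constructed sample data: two outside users in a reserved /24.
    sample = {"vendor.alice": "192.168.250.10", "vendor.bob": "192.168.250.11"}
    for user, value in plan_static_assignments(sample, "192.168.250.0/24").items():
        print(f"{user}: msRADIUSFramedIPAddress = {value} ({ad_int_to_ip(value)})")
```

Keeping the static range separate from the DHCP scope used by ordinary users lets access rules match the static users by source network.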

Thanks Marvin, I will check it...

It looks like you can do this natively in FMC 6.7 now, so no need for flexconfig any more!!

ldap-fmc-67.PNG

Presently I am running version 6.4.7; is version 6.7 stable and recommended?

I would like to control certain RA VPN users by assigning static IPs and restricting them to access certain servers only. Apart from the above solution, is there any other way I can achieve this in version 6.4.7 itself?

@shaikh.zaid22 6.6.1 is the current recommended version. If you do not wish to upgrade to 6.7 to take advantage of these new features, then @Marvin Rhoads' suggestion is the correct answer.

Thanks Rob and Marvin. Good luck...

Cisco Community: great place to get quick know-how... :)

cgarringer
Level 1

I did it previously using RADIUS attributes, but you have to be using a RADIUS server for AAA on VPN to do that.