Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1281
Views
0
Helpful
2
Replies

Restrict local VPN users to a specific tunnel group in Firepower FTD

Chess Norris
Level 4
Level 4

‎11-09-2021 01:55 AM

Hi,

A customer have configured his FTD 7.0 with local users and wants to restricts a user to a specific tunnel group.

He dont have the possiblility to set up an ISE or NPS server right now, so he need a solution with local users.

In the ASA we could use the group-lock function for this, but I cannot find any option for this in either FDM or in FMC.

Is it possible to use FlexConfig to configure this or is the group-lock function not supported at all in FTD?

 

Thanks

/Chess

 

 

 

Labels:
0 Helpful
2 Replies 2

Mohammed al Baqari
Level 11
Level 11

‎11-09-2021 02:27 AM

Hi,

In ASA this was possible using group-lock feature under username
attributes. See below

https://www.cisco.com/c/en/us/support/docs/security/ios-easy-vpn/117634-configure-asa-00.html

Up to version 7.0 on FTD, its not possible using local accounts out of the
box. But use the example above and try it with flexconfig to see if it
works.

***** please remember to rate useful posts
0 Helpful

Chess Norris
Level 4
Level 4

‎11-10-2021 06:05 AM

I am getting some errors when trying FlexConfig (See picture). I guess it's not supported then or maybe  I do something wrong? 

 

FlexConfig.JPG

 

Thanks

/Chess

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents