S2S-VPN

shaikh.zaid22
Level 1

Hi,

I have built the S2S VPN between Cisco FTD 2110 and Azure VNG, and it was really smooth, provided we had set the IKE version and IPsec phases correctly. This S2S VPN is created for our development team to have access to non-prod servers and have their work done.

Now I need one more piece of help, since I already have a remote VPN running, as most employees are working from home nowadays.

Is there a way wherein, if our system engineer creates a number of user accounts in the non-prod AD server, the development team can access these non-prod servers by entering the credentials as they do when connecting to the remote VPN via the AnyConnect client, so that as soon as they enter the credentials of the non-prod environment, the client detects this and redirects to the non-prod server network?

So is it possible to use the remote VPN AnyConnect client to access the site-to-site VPN tunnel?

Hope you guys understood.


Actually, I am not really sure what you want ...

Do you want to be able to both authenticate to your internal AD and also to the AD in Azure for accounts that are only there?

If yes, then you have to:

- configure a new group of authentication servers, pointing to the Azure servers, same as you have done for your internal servers.

- configure a new connection profile with a unique URL. If your users are accessing the VPN normally with "vpn.company.com" you could configure the new connection with "vpn.company.com/test". Use the new aaa-servers for this connection profile.

- assign a new group-policy to this connection to allow/restrict access to the resources needed.
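An added illustration of what those three steps look like once deployed; this is not from the thread or from Cisco's guide. It is written in ASA-style syntax, which is also what an FTD shows in `show running-config` after FMC pushes the remote-access VPN; on FTD itself the pieces are created in FMC (an LDAP/AD AAA server object, a group policy, and a connection profile with its group URL). The existing AnyConnect setup (webvpn enabled on the outside interface, client images, the original connection profile) is assumed to be in place already. All names, addresses, DNs and the URL path below are constructed placeholders.

```text
! Added example, constructed placeholders throughout (not the poster's config).
! Step 1: AAA server group for the non-prod AD in Azure. The server is reached
! through the S2S tunnel, so it is bound to the outside interface.
aaa-server NONPROD-AD protocol ldap
aaa-server NONPROD-AD (outside) host 10.50.0.10
 ldap-base-dn DC=nonprod,DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=svc-ftd-ldap,OU=Service Accounts,DC=nonprod,DC=example,DC=com
 ldap-login-password <placeholder-service-account-password>
 server-type microsoft

! Step 3 (objects first): group policy that confines these users to the
! non-prod subnet. The vpn-filter ACE is written the way Cisco documents it,
! with the protected (server) network as source and the client pool as destination.
ip local pool NONPROD-POOL 192.168.250.1-192.168.250.20 mask 255.255.255.0
access-list NONPROD-SPLIT standard permit 10.50.0.0 255.255.0.0
access-list NONPROD-VPN-FILTER extended permit ip 10.50.0.0 255.255.0.0 192.168.250.0 255.255.255.0
group-policy NONPROD-GP internal
group-policy NONPROD-GP attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value NONPROD-SPLIT
 vpn-filter value NONPROD-VPN-FILTER
 address-pools value NONPROD-POOL

! Step 2: connection profile selected by the URL the user types into AnyConnect.
! The existing profile keeps https://abc.company.com; the non-prod one gets a
! distinct path, and it authenticates against the new AAA server group.
tunnel-group NONPROD type remote-access
tunnel-group NONPROD general-attributes
 authentication-server-group NONPROD-AD
 default-group-policy NONPROD-GP
tunnel-group NONPROD webvpn-attributes
 group-url https://abc.company.com/nonprod enable
```

Two things are easy to miss when the protected servers sit behind a site-to-site tunnel on the same outside interface. First, client traffic enters and leaves on the outside interface, so the FTD must permit intra-interface (hairpin) traffic; check it with `show running-config | include same-security`. Second, the AnyConnect pool (192.168.250.0/24 in the example) must be part of the S2S tunnel's protected networks on the FTD, in the NAT exemption for that tunnel, and in the address space of the Azure local network gateway, otherwise the VNG has no route back to the clients. Once a developer connects, `show vpn-sessiondb anyconnect` should list the session under the NONPROD tunnel group, which confirms the URL, not the credentials, selected the profile.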

Thanks Karsten for the reply,

Actually my requirement now is to use the AnyConnect client to access the non-prod servers in the Azure environment.

My present environment is: we have a remote VPN which is accessed via abc.company.com, and the username/password is authenticated by our on-prem AD.

Now, we have a requirement for our development team of 5 engineers to have access to the non-prod servers in Azure via the same AnyConnect client, but the only difference would be that they will use another username/password which will be created in the non-prod AD server. So the idea is, the FTD should redirect the request based on the URL and username/password entered in AnyConnect and then authenticate it with the correct AD server.

Hope I have explained it a little better!

OK, so I got you right and you have to implement the above. It just is not a redirect, it is that the FTD asks a different server to authenticate the client.

Thanks Karsten,

So it is achievable, right? Can you please guide me through the steps or any reference document?

Appreciate your response.

This is the config guide:

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/firepower_threat_defense_remote_access_vpns.html

As mentioned, the relevant parts are the connection-profiles and the aaa-server.

Thanks Karsten.... Appreciate it.