
SSL REMOTE VPN USING NGFW 2110 AND FMC 1000

adeebtaqui
Level 4

My customer wants to have remote SSL VPN for his employees to access the office network securely from their homes.

Which is the best cost-effective SSL remote VPN solution that I can provide?

We have provided to the customer an ISR 4451 as Internet CE router and an NGFW 2110 with FMC 1000 as external FW.

So can we propose a Cisco AnyConnect Apex VPN subscription on the NGFW 2110 to deploy VPN for the customer?

For authentication, the customer has Microsoft AD and Netscout.

How can the customer authenticate access for AnyConnect VPN? Does he need any additional solution, or can authentication be done directly by the remote worker when accessing the remote VPN on the NGFW or FMC, or does the remote worker need the VPN to be integrated with AD or Netscout?


Hi @adeebtaqui 

You need to integrate with an external identity store such as AD; the FMC doesn't have a local user database to authenticate to.

 

Optional - but the recommendation for Remote Access VPN would normally be to use Two Factor Authentication in addition to AD, such as Duo. This provides better security, but you can get away with just using AD authentication.

Thanks for the Duo suggestion. Do you have any info or any Cisco doc explaining integration between AnyConnect remote SSL VPN and AD or Netscout?

One more addition to what Rob said: Using AnyConnect APEX licenses is likely a waste of money and AnyConnect PLUS is nearly always enough.

@Karsten Iwen with AnyConnect Plus we do not have clientless browser. Kindly advise: if we go for Plus, how should the VPN be accessed, and can browser/Chrome-based VPN access be possible?

@adeebtaqui 

FTD does not support clientless VPN (using a browser) and it likely never will; you have to use the AnyConnect VPN client.

The web page on the FTD is used to log in to download the AnyConnect client only.