

In this article I will focus on ‘Remote Access’ VPN, which for Cisco FTD means using the AnyConnect client. I’ve spent years deploying this solution for ASA so it’s a product I know well. As with all things Cisco, there are a couple of things that could trip you up.

If you are used to AnyConnect then you probably have the client software. It’s the same software package that’s installed with Cisco ASA. Sometimes just getting access to the download is a trial! Anyway you will need the AnyConnect ‘Package’ files, these typically have a .pkg extension, (Cisco refer to these as Head-End packages). There’s one for macOS, one for Windows, (well another one now for ARM processors, but I’ve not needed it yet), and one for Linux. You will need to download a package for each platform your users will need to connect with.

AnyConnect Licence! After years of getting a few free with a Cisco ASA, I was unhappy to find that’s not the case with Cisco FTD. If you want to use AnyConnect you need to have a licence, and it needs to be in your Smart Licensing Account, (before you enable Remote Access VPN).

Final Gotcha! Make sure you HAVE NOT enabled HTTPS management on the outside interface of the FTD before you start configuring AnyConnect, or you will get all the way to the end, and it will fall over and you will have to start again (thanks Cisco! How hard would it be to say, if you enable this, I will disable https outside management is this OK?)

If you haven’t already done so enable the Remote Access VPN licence > Smart Licence > Fire Configuration > RA VPN License > Enable > Change to licence type (mine’s Apex). Have a coffee and recheck everything is licensed OK.

AnyConnect 4 – Plus and Apex Licensing Explained

Remote Access VPN > Configure > Create Connection Profile.

Give the profile a name, a group alias, and group URL > I’m using the FTD as my AAA Identity source (so my username and passwords are held on the firewall) that’s fine for small deployments, but in production you should think about deploying an AAA solution (called a Special Identities Realm in FTD) > Next.

I typically create a new network object for my remote clients to use, you can select your internal DHCP server to send out addresses if you wish > Next.

I’m using Cisco Umbrella DNS servers, (or the DNS servers formerly known as OpenDNS) > I’m setting a ‘welcome banner’ but you don’t need to, (some people find them annoying!) > Scroll down.
