Hello,
I'm working on a personal project: a complete design and configuration guide for Cisco Remote Access VPN. I started working on it during the lockdown (when all of us shifted to working from home).
I started by building a quick guide to provide all our customers and partners with detailed steps on how to enable the remote access VPN, but with more use cases, requests, and integrations, I found myself developing a draft for a complete technical guide that can be reused by all of us.
I started the guide using Cisco ASA, but later I started building the same guide using Cisco FTD (in order to have a complete guide for all Cisco firewalls, ASA and FTD).
The sections (which will be posts in this blog) will be organized as follows:
- Cisco Remote Access VPN using Cisco ASA
  - Plan your VPN deployment (design, topology, software & hardware, interfaces, licenses, expected throughput, high availability and scalability).
  - Start with the basics (activate the VPN, connect successfully, authenticate locally, enroll the certificate, ensure the connectivity, communication matrix based on the design, split tunneling, Internet connectivity).
  - VPN advanced configurations:
    - Part#1 – configure multiple group-policies, multiple users' assignment, and VPN filters.
    - Part#2 – configure advanced configuration for group-policies and apply the cybersecurity best practices (framed-ip-address, timeouts, banners, etc.).
    - Part#3 – configure VPN group URL and VPN group alias.
    - Part#4 – configure DST (Dynamic Split Tunneling).
  - Enable the Dynamic Access Policy (DAP) and HostCheck for RAVPN users (local posture assessment).
  - VPN enhanced authentication:
    - Part#1: Integrate the ASA with Cisco Duo for MFA (using the ASA local DB).
    - Part#2: Integrate the VPN with the organization AD for users' authentication.
    - Part#3: Integrate the VPN with Cisco ISE for users' authentication (local ISE DB and AD users).
    - Part#4: Integrate the MFA solution (Cisco Duo) with the AD for VPN users.
    - Part#5: Integrate the MFA solution (Cisco Duo) with Cisco ISE for VPN users.
  - VPN secure integration:
    - Integrate the ASA with Cisco ISE for Remote Access VPN posture assessment (centralized posture assessment).
    - Integrate the VPN module (Cisco AnyConnect) with Cisco Umbrella for all roaming users.
  - Advanced settings and configuration:
    - To be decided later based on the requirements and feedback.
- Cisco Remote Access VPN guide (the same list of applicable configurations and integrations mentioned above for ASA) using FTD managed locally by FDM.
- Cisco Remote Access VPN guide (the same list of applicable configurations and integrations mentioned above for ASA) using FTD managed by Cisco FMC.