VIP (Validation ID Protection)

 VIP Newbie - need Cisco FTD assistance

Paul Brimigion posted Mar 24, 2021 11:04 AM
Hello,

I've just purchased Symantec VIP 2FA and need assistance with making this work on a Windows 2016 server to authenticate remote access VPN users coming through a Cisco FTD appliance. The documentation portal has the info for Cisco 5500 series ASA, but this FTD appliance is managed by Cisco's FMC and the setup is not the same. Does anyone have any insights that may help me?

Thanks
Paul
Broadcom Employee Andreas Horlacher
Hi Paul,

A quick Google search shows instructions for implementing RADIUS connections for 2FA within Cisco FTD. Within those settings, you designate the VIP Enterprise Gateway IP address and port as the RADIUS server to point to. Then on the VIP Enterprise Gateway, you would create a new validation server to accept the incoming RADIUS requests, and create a userstore to handle LDAP queries if you want VIP to verify the user in your user store. 

You can use the existing Cisco templates if you want to. They have prepopulated fields that you can adjust as necessary. Or, you can start from scratch and choose CUSTOM from the options, and build a fresh validation server.
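
Added example, not part of the reply above and not Symantec, Broadcom or Cisco code: a minimal RADIUS test client in Python for checking that a validation server answers Access-Requests and that the shared secret matches before the FTD is pointed at it. It assumes PAP (RFC 2865 User-Password hiding); the function names, host, port and secret are hypothetical placeholders.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2

def pap_hide(password, secret, authenticator):
    """RFC 2865 section 5.2: zero-pad to 16-byte blocks, XOR block i with
    MD5(secret + previous ciphertext block); the first block uses the authenticator."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user, password, secret, ident=1, authenticator=None):
    """Return a RADIUS Access-Request carrying User-Name and a hidden User-Password."""
    authenticator = authenticator or os.urandom(16)
    attrs = b""
    for typ, val in ((USER_NAME, user.encode()),
                     (USER_PASSWORD, pap_hide(password.encode(), secret, authenticator))):
        attrs += struct.pack("!BB", typ, len(val) + 2) + val
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def reply_is_authentic(reply, request, secret):
    """Check the Response Authenticator: MD5(code, id, length, request auth, attrs, secret)."""
    if len(reply) < 20 or reply[1] != request[1]:
        return False
    length = struct.unpack("!H", reply[2:4])[0]
    if not 20 <= length <= len(reply):
        return False
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:length] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def query(host, port, user, password, secret, timeout=5.0):
    """Send one Access-Request over UDP; return the reply code, or None if the reply fails the check."""
    request = build_access_request(user, password, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(request, (host, port))
        reply, _ = s.recvfrom(4096)
    return reply[0] if reply_is_authentic(reply, request, secret) else None

def constructed_reply(code, request, secret):
    """Constructed sample reply (no attributes) so the check can be exercised offline."""
    head = struct.pack("!BBH", code, request[1], 20)
    return head + hashlib.md5(head + request[4:20] + secret).digest()
```

A return value of `None` from `query()` means a reply arrived but its authenticator did not verify, which usually points to a shared-secret mismatch between the client and the RADIUS server; a socket timeout means no reply came back at all.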