Cisco Defense Orchestrator (CDO) provides an intuitive user interface for configuring Remote Access Virtual Private Network (RA VPN). It also allows you to quickly and easily configure RA VPN connections for multiple Firepower Threat Defense (FTD) devices that are onboarded to CDO. AnyConnect is the only client that is supported on endpoint devices for RA VPN connectivity to FTD devices.
When the AnyConnect client negotiates an SSL VPN connection with the FTD device, it connects using Transport Layer Security (TLS) or Datagram Transport Layer Security (DTLS). DTLS avoids latency and bandwidth problems associated with some SSL connections and improves the performance of real-time applications that are sensitive to packet delays. The client and the FTD device negotiate the TLS/DTLS version to use. DTLS is used if the client supports it.
Cisco Defense Orchestrator (CDO) supports the following aspects of RA VPN functionality on Firepower Threat Defense devices:
- SSL client-based remote access
- IPv4 and IPv6 addressing
- Shared RA VPN configuration across multiple FTD devices

Related topics:
- End-to-End Remote Access VPN Configuration Process
- Guidelines and Limitations for Remote Access VPN
- Maximum Concurrent VPN Sessions By Device Model
- Control User Permissions and Attributes Using RADIUS and Group Policies
- Two-Factor Authentication
- RADIUS Change of Authorization
- Licensing Requirements for Remote Access VPN