Configuring Remote Access VPN for an FDM-Managed Device

CDO provides an intuitive user interface for configuring a new Remote Access Virtual Private Network (RA VPN). It also allows you to quickly and easily configure RA VPN connection for multiple FDM-managed devices that are on board in CDO. AnyConnect is the only client that is supported on endpoint devices for an RA VPN connectivity to FDM-managed devices.

When the AnyConnect client negotiates an SSL VPN connection with the FDM-managed device, it connects using Transport Layer Security (TLS) or Datagram Transport Layer Security (DTLS). DTLS avoids latency and bandwidth problems associated with some SSL connections and improves the performance of real-time applications that are sensitive to packet delays. The client and the FDM-managed device negotiate the TLS/DTLS version to use. DTLS is used if the client supports it.

CDO supports the following aspects of RA VPN functionality on FDM-managed devices:

SSL client-based remote access
IPv4 and IPv6 addressing
Shared RA VPN configuration across multiple FDM-managed devices

Important

If an onboarded FDM-managed device (running on software version 6.7 or later) contains RA VPN configuration with SAML server as the authentication source, CDO doesn't populate the AAA details in the connection profile as it doesn't manage SAML server objects in the current release. Thus you can't manage such RA VPN configuration from CDO. However, CDO reads the RA VPN connection profile and associated trusted CA certificate and SAML server objects.