Remote Access VPN Features

The following table describes the features of Secure Firewall Threat Defense remote access VPN:

Remote access VPN features | Description

Secure Firewall Threat Defense remote access VPN features

  • SSL and IPsec-IKEv2 remote access using the Secure Client.

  • Secure Firewall Management Center supports all combinations such as IPv6 over an IPv4 tunnel.

  • Configuration support on both management center and device manager. Device-specific overrides.

  • Support for both Secure Firewall Management Center and threat defense HA environments.

  • Support for multiple interfaces and multiple AAA servers.

  • Rapid Threat Containment support using RADIUS CoA or RADIUS dynamic authorization.

  • Support for DTLS v1.2 protocol with Cisco Secure Client version 4.7 or higher.

  • Secure Client modules support for additional security services for remote access VPN connections.

  • VPN load balancing.

AAA features

  • Server authentication using self-signed or CA-signed identity certificates.

  • AAA username and password-based remote authentication using a RADIUS server, LDAP, or AD.

  • RADIUS group and user authorization attributes, and RADIUS accounting.

  • Double authentication support using an additional AAA server for secondary authentication.

  • NGFW Access Control integration using VPN Identity.

  • LDAP or AD authorization attributes using the Secure Firewall Management Center web interface.

  • Support for single sign-on using SAML 2.0.

  • Support for multiple identity provider trustpoints with Microsoft Azure that can have multiple applications for the same Entity ID, but a unique identity certificate.

VPN tunneling features

  • Address assignment.

  • Split tunneling.

  • Split DNS.

  • Client Firewall ACLs.

  • Session Timeouts for maximum connect and idle time.

Remote access VPN monitoring features

  • New VPN Dashboard Widget showing VPN users by various characteristics such as duration and client application.

  • Remote access VPN events including authentication information such as username and OS platform.

  • Tunnel statistics available using the threat defense Unified CLI.