Prerequisites for Configuring Remote Access VPN

Deploy Secure Firewall Threat Defense devices and configure Secure Firewall Management Center to manage the device with required licenses with export-controlled features enabled. For more information, see VPN Licensing.

Configure the certificate enrollment object that is used to obtain the identity certificate for each threat defense device that act as a remote access VPN gateway.

Configure the RADIUS server group object and any AD or LDAP realms being used by remote access VPN policies.

Ensure that the AAA Server is reachable from the threat defense device for the remote access VPN configuration to work. Configure routing (at Devices > Device Management > Edit Device > Routing) to ensure connectivity to the AAA servers.

For remote access VPN double authentication, ensure that both the primary and secondary authentication servers are reachable from the threat defense device for the double authentication configuration to work.

Purchase and enable one of the following Cisco Secure Client licenses: Secure Client Advantage, Secure Client Premier, or Secure Client VPN Only to enable the threat defense remote access VPN.

Download the latest Secure Client image files from Cisco Software Download Center.

On your Secure Firewall Management Center web interface, go to Objects > Object Management > VPN > Secure Client File and add the new Secure Client image files.

Create a security zone or interface group that contains the network interfaces that users will access for VPN connections. See Interface.

Download the Secure Client Profile Editor from Cisco Software Download Center to create the Secure Client profile. You can use the standalone profile editor to create a new or modify an existing Secure Client profile.