Firepower Threat Defense Remote Access VPN Overview
Firepower Threat Defense provides secure gateway capabilities that support remote access SSL and IPsec-IKEv2 VPNs. The full tunnel client, AnyConnect Secure Mobility Client, provides secure SSL and IPsec-IKEv2 connections to the security gateway for remote users. AnyConnect is the only client supported on endpoint devices for remote VPN connectivity to Firepower Threat Defense devices. The client gives remote users the benefits of an SSL or IPsec-IKEv2 VPN client without the need for network administrators to install and configure clients on remote computers. The AnyConnect mobile client for Windows, Mac, and Linux is deployed from the secure gateway upon connectivity. The AnyConnect apps for Apple iOS and Android devices are installed from the platform app store.
Use the Remote Access VPN Policy wizard in the Cisco Defense Orchestrator to quickly and easily set up SSL and IPsec-IKEv2 remote access VPNs with basic capabilities. Then, enhance the policy configuration if desired and deploy it to your Firepower Threat Defense secure gateway devices.
You can configure the following settings using the remote access VPN policy:
You can use the following examples to allocate limited bandwidth to VPN users and to use VPN identify for user-id based access control rules: