Cisco AnyConnect FMC
Add Cisco RADIUS client in the Mideye Server
See section RADIUS clients in the reference guide.
Create a new VPN Policy
In Cisco FMC, navigate to Devices → Remote Access. Click Add in the top right corner. Give the Policy a name and a description. Select the VPN protocol to use and the firewall to target. Click Next.
Enter a suitable Profile name and select AAA Only in the dropdown list. Click the + sign and select RADIUS Server group. Fill out the form to create a new RADIUS group and add the Mideye Servers with their IP addresses and shared secret. Make sure to set the RADIUS timeout to at least 35 seconds.
If accounting and authorization are to be used, select the same RADIUS group or create a new one.
Finally, select the client address assignment and create a new policy or use the predefined one.
On the next page, select the Cisco AnyConnect images and click Next to select the interface and certificate for the Remote Access. Complete the wizard.
Change timeout for Cisco AnyConnect
There are two different timeouts for Cisco AnyConnect. The one already configured in the step above applies to the web-based AnyConnect. To change the timeout for the desktop client, a client profile must be modified and selected.
Navigate to Devices → Remote Access. Edit the AnyConnect policy and click Edit Group Policy right under the Group Policy name. Select the AnyConnect tab.
Before a Client Profile can be added, it must be created and uploaded to the Cisco FMC. Log in to cisco.com, then download and install the Profile Editor.
Open the VPN Profile Editor on your local machine and navigate to Preferences (Part 2). Change the default timeout (12 sec) to 35 seconds. Save the file and upload it to the Cisco FMC.
Change the timeout to 35 seconds.
Add the created XML file to Cisco FMC.
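A check that can be run on the saved client profile before it is uploaded, added here as an example and not taken from the Mideye or Cisco documentation: it parses the profile XML and confirms the desktop client's authentication timeout is at least 35 seconds. The `AuthenticationTimeout` element name and the profile layout are assumptions based on the usual AnyConnect profile format, and the sample profile is constructed.

```python
import sys
import xml.etree.ElementTree as ET

REQUIRED_SECONDS = 35  # minimum timeout required by this guide
CLIENT_DEFAULT = 12    # default the guide gives for the desktop client

# Constructed sample profile, trimmed to the relevant elements (assumed layout).
SAMPLE_PROFILE = """<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <AuthenticationTimeout>12</AuthenticationTimeout>
  </ClientInitialization>
  <ServerList>
    <HostEntry>
      <HostName>vpn.example.com</HostName>
      <HostAddress>vpn.example.com</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>
"""

def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tags."""
    return tag.rsplit("}", 1)[-1]

def check_profile(profile_xml, required=REQUIRED_SECONDS):
    """Return (ok, message) for a client profile given as str or bytes."""
    data = profile_xml.encode("utf-8") if isinstance(profile_xml, str) else profile_xml
    root = ET.fromstring(data)
    values = [el.text for el in root.iter()
              if local_name(el.tag) == "AuthenticationTimeout"]
    if not values:
        # Element absent: the client falls back to its default.
        return False, f"AuthenticationTimeout not set; default of {CLIENT_DEFAULT}s applies"
    try:
        seconds = int((values[0] or "").strip())
    except ValueError:
        return False, f"AuthenticationTimeout is not a number: {values[0]!r}"
    if seconds < required:
        return False, f"AuthenticationTimeout is {seconds}s, below the required {required}s"
    return True, f"AuthenticationTimeout is {seconds}s"

if __name__ == "__main__":
    # Pass the saved profile path as the first argument; without one the sample is used.
    xml_data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PROFILE
    ok, message = check_profile(xml_data)
    print(("OK: " if ok else "FAIL: ") + message)
    sys.exit(0 if ok else 1)
```

The script exits non-zero when the timeout is missing, malformed or too low, so it can gate the upload step.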
Add the firewall as a RADIUS client in the Mideye Server
See section RADIUS clients in the reference guide.