SEC0402 – Firepower 7.0 AnyConnect VPN Connection Profile and Group-Policy (Part 2)


Connection Profile and Group-Policy

Keeping it tunnel all

Recommended settings for MTU and DF bit

More restrictive settings

Recommended settings for SSL rekeying

Restrictive settings for contractor

show run username

The only reason a different tunnel group (connection profile) was selected is that we chose it from the drop-down. This exposes a limitation of local accounts: because the realm is local, a contractor can select the Employee connection profile from the drop-down and log in to it with the contractor username and password, which is not good. In Firepower, unlike ASA, we cannot lock local accounts to a connection profile, which is why local accounts should not be used when there are multiple connection profiles.
