Multi-Factor Authentication (2FA/MFA) for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall – LDAP(S)

2FA/MFA for Cisco AnyConnect VPN with Cisco Firepower Threat Defense (FTD) using LDAP(S)

May 28, 2025 By Rublon Authors

Last updated on July 8, 2025

Overview of MFA for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall

This documentation describes how to integrate Rublon MFA with Cisco FTD Firepower Firewall using the LDAP protocol to enable multi-factor authentication for logins using the Cisco AnyConnect VPN.

Supported Authentication Methods

Authentication Method         Supported   Comments
Mobile Push                   ✔           N/A
WebAuthn/U2F Security Key     –           N/A
Passcode                      ✔           N/A
SMS Passcode                  –           N/A
SMS Link                      ✔           N/A
Phone Call                    ✔           N/A
QR Code                       –           N/A
Email Link                    ✔           N/A
YubiKey OTP Security Key      ✔           N/A

Before You Start Configuring MFA for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall using LDAP

Before configuring Rublon MFA for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall:

  • Ensure you have prepared all required components.
  • Create an application in the Rublon Admin Console.
  • Install the Rublon Authenticator mobile app.

Required Components

1. User Identity Provider (IdP) – You need an external Identity Provider, such as Microsoft Active Directory or OpenLDAP.

2. Rublon Authentication Proxy – Install the Rublon Authentication Proxy if you have not already, and configure it as an LDAP proxy.

3. Cisco AnyConnect VPN with Cisco FTD Firepower Firewall – A properly installed and configured Cisco AnyConnect VPN and Cisco FTD Firepower Firewall.

Create an Application in the Rublon Admin Console

1. Sign up for the Rublon Admin Console.

2. In the Rublon Admin Console, go to the Applications tab and click Add Application. 

3. Enter a name for your application (e.g., Cisco VPN) and then set the type to Rublon Authentication Proxy.

4. Click Save to add the new application in the Rublon Admin Console.

Install Rublon Authenticator

Some end-users will probably use the Rublon Authenticator mobile app, so we highly recommend that you, as the person configuring MFA for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall, install the Rublon Authenticator mobile app, too. That way, you will be able to test MFA for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall via Mobile Push.

Download the Rublon Authenticator for:

  • Android
  • iOS
  • HarmonyOS

Configuring Multi-Factor Authentication (MFA) for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall using LDAP

1. Log in to Cisco FTD Device Manager.

2. From the top bar, select Objects and then select Identity Sources from the left pane.

Image showing Objects in the top bar and Identity Sources in the left pane during MFA for Cisco FTD Firepower Firewall configuration in Firewall Device Manager.

3. Click the plus icon and select AD Realm.

Image showing selecting AD Realm in the plus icon dropdown during MFA for Cisco FTD Firepower Firewall configuration in Firewall Device Manager.

4. Create a new identity realm and click OK to save the realm. Refer to the following images and table.

Image showing the creation of a new AD Realm during MFA for Cisco FTD Firepower Firewall configuration in Firewall Device Manager.
  • Name: A name for the AD/LDAP connection
  • Directory Username: The Bind DN of the user from your AD/LDAP in LDAP notation (e.g., CN=rublonadmin,OU=Rublon,dc=rublondemo,dc=local)
  • Directory Password: The password of the user defined in Directory Username
  • Base DN: Base DN from your AD/LDAP (where to search for users), e.g., OU=Rublon,dc=rublondemo,dc=local
  • AD Primary Domain: The name of your domain (e.g., rublondemo.local)
  • Hostname / IP Address: The IP address of the Rublon Authentication Proxy server
  • Port: The port of the Rublon Auth Proxy server (389 for LDAP or 636 for LDAPS)
  • Interface: Select the interface where the Rublon Auth Proxy server is available
  • Encryption: Select LDAPS for LDAPS
  • Trusted CA Certificate: Select a trusted CA certificate for LDAPS
  • TEST: Click TEST to verify your settings. Upon successful connection, you should see “Connection to realm is successful.”

5. Deploy your configuration to save the new Identity Source.

Image showing the deployment of a new AD Realm during MFA for Cisco FTD Firepower Firewall configuration in Firewall Device Manager.

6. Now, you need to specify the new Identity Source in the Cisco Remote VPN configuration. From the top bar, select Device: <hostname> (where <hostname> is the name of your instance) and then select View Configuration in the Remote Access VPN section.

Image showing accessing Remote Access VPN settings during MFA for Cisco FTD Firepower Firewall configuration in Firewall Device Manager.

7. View the configuration of your existing Remote Access VPN.

Image showing how to view the Remote Access VPN configuration during MFA for Cisco FTD Firepower Firewall configuration in Firewall Device Manager.

8. Edit the configuration of your Remote Access VPN.

Image showing how to edit the Remote Access VPN configuration during MFA for Cisco FTD Firepower Firewall configuration in Firewall Device Manager.

9. Add the Rublon Auth Proxy Identity Source under Primary Identity Source for User Authentication.

Image showing where to set the Rublon Auth Proxy Identity Source as the Primary Identity Source for User Authentication during MFA for Cisco FTD Firepower Firewall configuration in Firewall Device Manager.

10. Save and close your Remote Access VPN Settings, and then deploy changes to Cisco FTD.
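
A pre-flight check for the AD Realm values from step 4, written as an added example (not Rublon's or Cisco's code): it parses the two DNs, compares the Base DN's DC components with the AD Primary Domain, and flags port/encryption mismatches and unencrypted LDAP. The dictionary keys and the `NONE`/`LDAPS` encryption strings are this example's own names, and the domain comparison is a heuristic based on the page's example values.

```python
import re

def parse_dn(dn):
    """Split a DN into (ATTR, value) pairs; a backslash-escaped comma stays in the value."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.strip().partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed RDN {part.strip()!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns

def domain_from_dn(dn):
    """Join the DC components of a DN into a DNS-style domain name."""
    return ".".join(v for a, v in parse_dn(dn) if a == "DC").lower()

def check_realm(realm):
    """Return a list of findings (empty when the settings are consistent)."""
    findings = []
    for key in ("directory_username", "base_dn"):
        try:
            parse_dn(realm[key])
        except ValueError as exc:
            findings.append(f"{key}: {exc}")
    if findings:
        return findings  # the later checks need parseable DNs
    primary = realm["ad_primary_domain"].lower()
    if domain_from_dn(realm["base_dn"]) != primary:
        findings.append(f"base_dn: DC components do not spell {primary}")
    if realm["encryption"].upper() == "LDAPS":
        if realm["port"] != 636:
            findings.append("LDAPS selected but port is not 636")
        if not realm.get("trusted_ca"):
            findings.append("LDAPS selected without a trusted CA certificate")
    else:
        if realm["port"] == 636:
            findings.append("port 636 set but encryption is not LDAPS")
        findings.append("LDAP without encryption: passwords reach the proxy unencrypted")
    return findings

# Constructed sample: DNs and domain are the page's examples; key names are this example's own.
SAMPLE = {
    "directory_username": "CN=rublonadmin,OU=Rublon,dc=rublondemo,dc=local",
    "base_dn": "OU=Rublon,dc=rublondemo,dc=local",
    "ad_primary_domain": "rublondemo.local",
    "port": 636,
    "encryption": "LDAPS",
    "trusted_ca": "example-internal-ca",  # placeholder certificate name
}
```

On port 389 without encryption, the Directory Password and each user's password travel between the firewall and the Rublon Authentication Proxy in cleartext, which is why the check reports that case even when the values are otherwise consistent.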

Testing Multi-Factor Authentication (MFA) for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall Integrated Via LDAP

This example shows logging in to Cisco AnyConnect VPN with Cisco FTD Firepower Firewall with Rublon Multi-Factor Authentication. Mobile Push has been set as the second factor in the Rublon Authentication Proxy configuration (AUTH_METHOD was set to push).

1. Open the Cisco AnyConnect Secure Mobility Client and connect to the public FQDN/IP of your Remote Access VPN.

Image showing entering the FQDN of the Remote Access VPN in the Cisco AnyConnect Secure Mobility Client.

2. Enter the username and password from your Active Directory/OpenLDAP server.

3. Rublon will send a Mobile Push authentication request to your phone. Tap APPROVE.

Image showing a Mobile Push notification received by the user during Cisco AnyConnect VPN with Cisco FTD Firepower Firewall authentication

4. You will be logged in to Cisco AnyConnect VPN with Cisco FTD Firepower Firewall.

Troubleshooting MFA for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall Using LDAP

If you encounter any issues with your Rublon integration, please contact Rublon Support.
