• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Company · Blog · Newsletter · Events · Partner Program

Downloads      Support      Security     Admin Login
Rublon

Rublon

Secure Remote Access

  • Product
    • Regulatory Compliance
    • Use Cases
    • Rublon Reviews
    • Authentication Basics
    • What is MFA?
    • Importance of MFA
    • User Experience
    • Authentication Methods
    • Rublon Authenticator
    • Remembered Devices
    • Logs
    • Single Sign-On
    • Access Policies
    • Directory Sync
  • Solutions
    • MFA for Remote Desktop
    • MFA for Remote Access Software
    • MFA for Windows Logon
    • MFA for Linux
    • MFA for Active Directory
    • MFA for LDAP
    • MFA for RADIUS
    • MFA for SAML
    • MFA for RemoteApp
    • MFA for Workgroup Accounts
    • MFA for Entra ID
  • Customers
  • Industries
    • Financial Services
    • Investment Funds
    • Retail
    • Technology
    • Healthcare
    • Legal
    • Education
    • Government
  • Pricing
  • Docs
Contact Sales Free Trial

Multi-Factor Authentication (2FA/MFA) for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall – RADIUS

2FA/MFA for Cisco AnyConnect VPN with Cisco Firepower Threat Defense (FTD) using RADIUS

May 29, 2025 By Rublon Authors

Last updated on July 8, 2025

Overview of MFA for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall

This documentation describes how to integrate Rublon MFA with Cisco FTD Firepower Firewall using the RADIUS protocol to enable multi-factor authentication for logins using the Cisco AnyConnect VPN.

Demo Video

Supported Authentication Methods

Authentication Method Supported Comments
Mobile Push ✔ N/A
WebAuthn/U2F Security Key – N/A
Passcode ✔ N/A
SMS Passcode – N/A
SMS Link ✔ N/A
Phone Call ✔ N/A
QR Code – N/A
Email Link ✔ N/A
YubiKey OTP Security Key ✔ N/A

Before You Start Configuring MFA for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall using RADIUS

Before configuring Rublon MFA for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall:

  • Ensure you have prepared all required components.
  • Create an application in the Rublon Admin Console.
  • Install the Rublon Authenticator mobile app.

Required Components

1. User Identity Provider (IdP) – You need an external Identity Provider, such as FreeRADIUS or Microsoft NPS.

2. Rublon Authentication Proxy – Install the Rublon Authentication Proxy if you have not already and configure the Rublon Authentication Proxy as an RADIUS proxy.

3. Cisco AnyConnect VPN with Cisco FTD Firepower Firewall  – A properly installed and configured Cisco AnyConnect VPN and Cisco FTD Firepower Firewall.

Create an Application in the Rublon Admin Console

1. Sign up for the Rublon Admin Console. Here’s how.

2. In the Rublon Admin Console, go to the Applications tab and click Add Application. 

3. Enter a name for your application (e.g., Cisco VPN) and then set the type to Rublon Authentication Proxy.

4. Click Save to add the new application in the Rublon Admin Console.

Install Rublon Authenticator

Some end-users will probably use the Rublon Authenticator mobile app. So, as a person configuring MFA for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall, we highly recommend you install the Rublon Authenticator mobile app, too. Thanks to that, you will be able to test MFA for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall via Mobile Push.

Download the Rublon Authenticator for:

  • Android
  • iOS
  • HarmonyOS

Configuring Multi-Factor Authentication (MFA) for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall using RADIUS

1. Log in to Cisco FTD Device Manager.

2. From the top bar, select Objects and then select Identity Sources from the left pane.

Image showing Objects in the top bar and Identity Sources in the left pane during MFA for Cisco FTD Firepower Firewall configuration in Firewall Device Manager.

3. Click the plus icon and select RADIUS Server.

Image showing selecting RADIUS Server in the plus icon dropdown during MFA for Cisco FTD Firepower Firewall configuration in Firewall Device Manager.

4. Create a new RADIUS Server and click OK to save it. Refer to the following images and table.

Image showing the creation of a new RADIUS Server during MFA for Cisco FTD Firepower Firewall configuration in Firewall Device Manager.
NameA name for the Rublon Auth Proxy RADIUS Server
Server Name or IP AddressThe IP Address of your Rublon Auth Proxy RADIUS Server
Authentication Port1812 (Default for RADIUS)
Timeout60
Server Secret KeyThe RADIUS Secret shared between Rublon Auth Proxy and Cisco FTD
Require Message-Authenticator for all RADIUS ResponsesCheck.

This is important; you must check this option
Expand RA VPN Only (if this object is used in RA VPN Configuration)
Redirect ACLOptional.

Select an RA VPN Redirect ACL if you use any
Interface used to connect to RADIUS ServerSelect Manually choose interface and from the dropdown, select the interface where the Rublon Auth Proxy server is available to Cisco FTD

5. In Identity Sources, click the plus icon again, but this time select RADIUS Server Group.

Image showing selecting RADIUS Server Group in the plus icon dropdown during MFA for Cisco FTD Firepower Firewall configuration in Firewall Device Manager.

6. Create a new RADIUS Server Group and click OK to save it. Refer to the following images and table.

Image showing the creation of a new RADIUS Server Group during MFA for Cisco FTD Firepower Firewall configuration in Firewall Device Manager.
NameA name for your Rublon Auth Proxy RADIUS Server Group
Dead time10 (Default)
Maximum Failed Attempts3 (Default)
Dynamic Authorization (for RA VPN Only)Optional.
Leave unselected.
Realm that Supports the RADIUS ServerSpecify the AD Realm server if the RADIUS server relies on an Active Directory (AD) server for user authentication. If your RADIUS server is configured this way, you need to select the AD realm that specifies the AD server working alongside the RADIUS server.

For more information on how to create an AD Realm, refer to MFA for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall – LDAP(S).
RADIUS ServerClick the plus icon and select the RADIUS Server you have created before
TEST ALL SERVERSClick TEST ALL SERVERS to verify your settings. In a new window, specify the username and password from your AD/LDAP realm and confirm Rublon MFA when prompted. Upon successful connection, you should see “All Servers have been successfully tested”.

7. Deploy your configuration changes (a new RADIUS Server and RADIUS Server Group) to Cisco FDT.

Image showing the deployment of a new RADIUS Server and RADIUS Server Group during MFA for Cisco FTD Firepower Firewall configuration in Firewall Device Manager.

8. Now, you need to specify the new Identity Source in the Cisco Remote VPN configuration. From the top bar, select Device: <hostname> (where <hostname> is the name of your instance) and then select View Configuration in the Remote Access VPN section.

Image showing accessing Remote Access VPN settings during MFA for Cisco FTD Firepower Firewall configuration in Firewall Device Manager.

9. View the configuration of your existing Remote Access VPN.

Image showing how to view the Remote Access VPN configuration during MFA for Cisco FTD Firepower Firewall configuration in Firewall Device Manager.

10. Edit the configuration of your Remote Access VPN.

Image showing how to edit the Remote Access VPN configuration during MFA for Cisco FTD Firepower Firewall configuration in Firewall Device Manager.

11. Add the Rublon Auth Proxy RADIUS Group Identity Source under Primary Identity Source for User Authentication.

Image showing where to set the Rublon Auth Proxy RADIUS Group Identity Source as the Primary Identity Source for User Authentication during MFA for Cisco FTD Firepower Firewall configuration in Firewall Device Manager.

12. Save and close your Remote Access VPN Settings, and then deploy changes to Cisco FTD.

Testing Multi-Factor Authentication (MFA) for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall Integrated Via RADIUS

This example portrays logging in to Cisco AnyConnect VPN with Cisco FTD Firepower Firewall with Rublon Multi-Factor Authentication. Mobile Push has been set as the second factor in Rublon Authentication Proxy configuration (AUTH_METHOD was set to push).

1. Open the Cisco AnyConnect Secure Mobility Client and connect to your public FQDN/IP of the Remote Access VPN

Image showing entering the FQDN of the Remote Access VPN in the Cisco AnyConnect Secure Mobility Client.

2. Enter the username and password.

3. Rublon will send a Mobile Push authentication request to your phone. Tap APPROVE.

Image showing a Mobile Push notification received by the user during Cisco AnyConnect VPN with Cisco FTD Firepower Firewall authentication

4. You will be logged in to Cisco AnyConnect VPN with Cisco FTD Firepower Firewall.

Troubleshooting MFA for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall Using RADIUS

If you encounter any issues with your Rublon integration, please contact Rublon Support.

Related Posts

Rublon Authentication Proxy

Rublon Authentication Proxy – Integrations

Filed Under: Documentation

Primary Sidebar

Contents

  • Overview of MFA for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall
  • Demo Video
  • Supported Authentication Methods
  • Before You Start Configuring MFA for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall using RADIUS
    • Required Components
    • Create an Application in the Rublon Admin Console
    • Install Rublon Authenticator
  • Configuring Multi-Factor Authentication (MFA) for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall using RADIUS
  • Testing Multi-Factor Authentication (MFA) for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall Integrated Via RADIUS
  • Troubleshooting MFA for Cisco AnyConnect VPN with Cisco FTD Firepower Firewall Using RADIUS
  • Related Posts
Try Rublon for Free
Start your 30-day Rublon Trial to secure your employees using multi-factor authentication.
No Credit Card Required


Footer

Product

  • Regulatory Compliance
  • Use Cases
  • Rublon Reviews
  • Authentication Basics
  • What is MFA?
  • Importance of MFA
  • User Experience
  • Authentication Methods
  • Rublon Authenticator
  • Remembered Devices
  • Logs
  • Single Sign-On
  • Access Policies
  • Directory Sync

Solutions

  • MFA for Remote Desktop
  • MFA for Windows Logon
  • MFA for Remote Access Software
  • MFA for Linux
  • MFA for Active Directory
  • MFA for LDAP
  • MFA for RADIUS
  • MFA for SAML
  • MFA for RemoteApp
  • MFA for Workgroup Accounts
  • MFA for Entra ID

Industries

  • Financial Services
  • Investment Funds
  • Retail
  • Technology
  • Healthcare
  • Legal
  • Education
  • Government

Documentation

  • 2FA for Windows & RDP
  • 2FA for RDS
  • 2FA for RD Gateway
  • 2FA for RD Web Access
  • 2FA for SSH
  • 2FA for OpenVPN
  • 2FA for SonicWall VPN
  • 2FA for Cisco VPN
  • 2FA for Office 365

Support

  • Knowledge Base
  • FAQ
  • System Status

About

  • About Us
  • Blog
  • Events
  • Co-funded by the European Union
  • Contact Us

  • Facebook
  • GitHub
  • LinkedIn
  • Twitter
  • YouTube

© 2025 Rublon · Imprint · Legal & Privacy · Security

  • English