Virtual Private Network Features

This chapter provides high-level information to configure the ASA Virtual Private Network features in Secure Firewall Threat Defense using Secure Firewall Management Center.

Site-to-Site VPN

Table 1. Site-to-Site VPN

ASA Feature

Threat Defense Feature in Secure Firewall Management Center

Notes

LAN-to-LAN IPsec

Policy-based VPN

UI path: Devices > Site To Site > Policy Based (Crypto Map).

See: Configure a Policy-based Site-to-Site VPN.

How-To: Configure a Policy-based Site-to-Site VPN, Customize IKE Options for an Existing Site-to-Site VPN Deployment, Customize IPsec Options for an Existing Site-to-Site VPN Deployment, Customize Advanced Settings for an Existing Site-to-Site VPN Deployment

The management center provides a single wizard to configure VPN on the peers.

Virtual Tunnel Interface (VTI)

Route-based VPN

UI path: Devices > Site To Site > Route Based (VTI).

See: Create a Route-based Site-to-Site VPN.

How-To: Create a route-based VPN (VTI), Configure a Static Route for VTI, Configure BGP routing for VTI, Configure an access control rule to allow encrypted traffic over VTI

Creating a VPN between a hub with a dynamic VTI and spokes with static VTIs is much easier in the management center using the wizard.

There is no wizard in ASDM.

Umbrella SASE

Deploy a SASE Tunnel on Umbrella

UI path: Devices > VPN > Site To Site > +SASE Topology.

See: Deploy a SASE Tunnel on Umbrella.

Monitor Site-to-Site VPN

Monitor the Site-to-Site VPN

UI path: Overview > Dashboards > Site to Site VPN.

See: Monitor the Site-to-Site VPN.

Remote Access VPN

Table 2. Remote Access VPN

ASA Feature

Threat Defense Feature in Secure Firewall Management Center

Notes

Remote Access IPsec (IKE v2) VPN

Remote Access VPN Policy

UI path: Devices > VPN > Remote Access > Policy Assignment > VPN Protocols > IPsec-IKEv2.

See: Configuring a Remote Access VPN Connection.

How-To:

  • Configuring Traffic Filtering for Remote Access (RA) VPN Connections—Creating an Extended Access List for Filtering Traffic on an RA VPN Connection, Adding an Extended Access List to a Group Policy for Filtering Traffic on an RA VPN Connection

  • Certificate Authentication for Remote Access (RA) VPN—Creating a Certificate Map for Certificate Authentication in RA VPN, Associating a Certificate Map to a Connection Profile

  • Create and Install an Identity Certificate on Device for Remote Access VPN Configuration—PKCS12 Cert Enrollment Object, Manual Cert Enrollment Object, Self-signed Cert Enrollment Object, SCEP Cert Enrollment Object, Install Manual Certificate, Install PKCS12, SCEP, or Self-Signed Certificate, Configure Remote Access VPN

  • Configuring VPN—Renew a certificate using manual re-enrollment, Renew a certificate using Self-signed, SCEP, or EST enrollment, Configure LDAP attribute map for remote access VPN, Add SAML Single Sign-On server object, Configure Dynamic Access Policy for Remote Access VPN

Configuring a connection profile and a group policy object remains the same in the management center as in the ASA.

You must create a realm object to create local users and to use Active Directory/LDAP. Realms are connections between the management center and the user accounts on the servers.

Remote Access SSL VPN

Remote Access VPN Policy

UI path: Devices > VPN > Remote Access > Policy Assignment > VPN Protocols > SSL.

See: Configuring a Remote Access VPN Connection.

How-To: Configure Remote Access VPN.

VPN Load Balancing

VPN Load Balancing

UI path: Edit the remote access VPN policy, then Advanced > Load Balancing.

See: Configuring VPN Load Balancing.

VPN load balancing is a mechanism for equitably distributing remote-access VPN traffic among the devices in a VPN load-balancing group.

Dynamic Access Policies

Dynamic Access Policies

UI path: Devices > Dynamic Access Policy.

See: Dynamic Access Policies.

How-To: Configure Dynamic Access Policy for Remote Access VPN.

Dynamic access policies enable you to configure authorization that addresses the dynamics of VPN environments.

Monitor VPN

Remote Access VPN Dashboard

UI path: Overview > Dashboards > Remote Access VPN.

See: Remote Access VPN Monitoring.

Secure Client Hostscan

VPN File Objects

UI path: Objects > Object Management > VPN > Secure Client File.

See: File Objects.

Secure Client Custom Attributes

Secure Client Custom Attributes Objects

UI path: Objects > Object Management > VPN > Custom Attribute.

Secure Client Custom Attributes Objects.