ASA RA VPN with AD Authentication
Upcoming SlideShare
Loading in...5
×
 

ASA RA VPN with AD Authentication

on

  • 2,604 views

 

Statistics

Views

Total Views
2,604
Views on SlideShare
1,895
Embed Views
709

Actions

Likes
0
Downloads
24
Comments
0

5 Embeds 709

http://www.dirflash.com 694
http://translate.googleusercontent.com 12
http://translate.yandex.net 1
http://cache.baidu.com 1
http://www.dirflash.com. 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

ASA RA VPN with AD Authentication ASA RA VPN with AD Authentication Presentation Transcript

  • Configuring an ASA for remote access VPN with Windows 2003 Active Directory Authentication
    December 21, 2010
  • Install Internet Authentication Services on a domain controller
    Information for installing this service can be found on Microsoft’s Technet site at: http://technet.microsoft.com/en-us/library/cc781690%28WS.10%29.aspx
  • Launch the IAS MMC
  • Register the server in Active Directory
    Click on register and go through the wizard.
  • Install a new RADIUS client
  • Add name and address
    The name should be something easily recognizable like Cisco ASA
    The address is the IP address of the inside interface
  • Name and address
  • Enter Shared Secret
    Click next, and enter the RADIUS shared secret.
  • Added RADIUS client
    Click finish, and review the newly added client.
  • Add remote access policy
  • Click Next
  • Add a policy name
  • Select VPN radio button
  • Add AD Group Name
    Users with VPN access will need to be added into this active directory group
  • Add authentication methods
    Select MS-CHAPv2, and MS-CHAP
  • Select Encryption Levels
    All encryption levels selected by default
  • Finish the wizard
  • Verify RADIUS Ports
  • RADIUS Ports
  • Confirm authentication methods
    Edit the properties of the RADIUS client
  • Select unencrypted authentication
  • IAS Configuration Complete
    Now, time to add the AAA configuration in the Cisco ASA
  • Configure ASA AAA
    The host is the address of the server where IAS was installed and registered
    The key is the shared secret
  • Verify AD authentication in ASA
    The IP address in the ‘test aaa’ command is the IAS server.
    The test account must be in the AD group added in the IAS policy.
  • All Done
    Hopefully, it is working for you.
    If not, check the event logs on the IAS server.
    Verify the shared secret password matches on the IAS server and the ASA.
    Verify the IAS service is running.
  • Courtesy of DirFlash