ASA RA VPN with AD Authentication

Presentation Transcript

  • Configuring an ASA for remote access VPN with Windows 2003 Active Directory Authentication
    December 21, 2010
  • Install Internet Authentication Services on a domain controller
    Information for installing this service can be found on Microsoft’s Technet site at:
  • Launch the IAS MMC
  • Register the server in Active Directory
    Click on register and go through the wizard.
  • Install a new RADIUS client
  • Add name and address
    The name should be something easily recognizable, like Cisco ASA.
    The address is the IP address of the ASA's inside interface.
  • Name and address
  • Enter Shared Secret
    Click next, and enter the RADIUS shared secret.
  • Added RADIUS client
    Click finish, and review the newly added client.
  • Add remote access policy
  • Click Next
  • Add a policy name
  • Select VPN radio button
  • Add AD Group Name
    Users who need VPN access must be added to this Active Directory group.
  • Add authentication methods
    Select MS-CHAPv2 and MS-CHAP.
  • Select Encryption Levels
    All encryption levels selected by default
  • Finish the wizard
  • Verify RADIUS Ports
  • RADIUS Ports
  • Confirm authentication methods
    Edit the properties of the RADIUS client
  • Select unencrypted authentication
  • IAS Configuration Complete
    Now it is time to add the AAA configuration on the Cisco ASA.
  • Configure ASA AAA
    The host is the address of the server where IAS was installed and registered.
    The key is the RADIUS shared secret entered for the RADIUS client in IAS.
  • Verify AD authentication in ASA
    The IP address in the ‘test aaa’ command is the address of the IAS server.
    The test account must be in the AD group added in the IAS policy.
  • All Done
    Hopefully, it is working for you.
    If not, check the event logs on the IAS server.
    Verify the shared secret password matches on the IAS server and the ASA.
    Verify the IAS service is running.
  • Courtesy of DirFlash
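
The ASA side of the "Configure ASA AAA" and "Verify AD authentication in ASA" steps, as an added example that is not taken from the original slides. The server-group name IAS_RADIUS, tunnel-group name RA_VPN, address 192.0.2.10, port numbers and test account are placeholders chosen for illustration, and the tunnel-group binding is an assumed step that the transcript does not show.

```cisco
! Added example; every name, address and secret below is a placeholder.
! RADIUS server group that points at the IAS server.
aaa-server IAS_RADIUS protocol radius
! (inside) is the ASA interface whose IP was entered as the RADIUS client in IAS.
aaa-server IAS_RADIUS (inside) host 192.0.2.10
 ! Must match the shared secret entered for the RADIUS client in IAS.
 ! RADIUS protects the user password in transit only with this secret,
 ! so make it long and random.
 key <shared-secret>
 ! The ASA defaults to 1645/1646. Set the ports explicitly so they match
 ! the ports verified on the IAS server (1812/1813 assumed here).
 authentication-port 1812
 accounting-port 1813
!
! Assumed step, not shown in the transcript: point the remote-access
! tunnel group at the new server group.
tunnel-group RA_VPN type remote-access
tunnel-group RA_VPN general-attributes
 authentication-server-group IAS_RADIUS
!
! Verify from the ASA exec prompt. The test account must be a member of
! the AD group named in the IAS remote access policy.
test aaa-server authentication IAS_RADIUS host 192.0.2.10 username vpntest password <password>
```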