ASA RA VPN with AD Authentication

  1. Configuring an ASA for remote access VPN with Windows 2003 Active Directory Authentication
     December 21, 2010
  2. Install Internet Authentication Services on a domain controller
     Information for installing this service can be found on Microsoft's TechNet site at: http://technet.microsoft.com/en-us/library/cc781690%28WS.10%29.aspx
  3. Launch the IAS MMC
  4. Register the server in Active Directory
     Click on Register and go through the wizard.
  5. Install a new RADIUS client
  6. Add name and address
     The name should be something easily recognizable, like Cisco ASA.
     The address is the IP address of the inside interface.
  7. Name and address
  8. Enter Shared Secret
     Click Next, and enter the RADIUS shared secret.
  9. Added RADIUS client
     Click Finish, and review the newly added client.
  10. Add remote access policy
  11. Click Next
  12. Add a policy name
  13. Select VPN radio button
  14. Add AD Group Name
      Users with VPN access will need to be added to this Active Directory group.
  15. Add authentication methods
      Select MS-CHAPv2 and MS-CHAP.
  16. Select Encryption Levels
      All encryption levels are selected by default.
  17. Finish the wizard
  18. Verify RADIUS Ports
  19. RADIUS Ports
  20. Confirm authentication methods
      Edit the properties of the RADIUS client.
  21. Select unencrypted authentication
  22. IAS Configuration Complete
      Now it is time to add the AAA configuration on the Cisco ASA.
  23. Configure ASA AAA
      The host is the address of the server where IAS was installed and registered.
      The key is the shared secret.
  24. Verify AD authentication in ASA
      The IP address in the 'test aaa' command is the IAS server.
      The test account must be in the AD group added in the IAS policy.
  25. All Done
      Hopefully, it is working for you.
      If not, check the event logs on the IAS server.
      Verify the shared secret password matches on the IAS server and the ASA.
      Verify the IAS service is running.
  26. Courtesy of DirFlash