ASA RA VPN with AD Authentication


  1. Configuring an ASA for remote access VPN with Windows 2003 Active Directory Authentication
     December 21, 2010
  2. Install Internet Authentication Services on a domain controller
     Information for installing this service can be found on Microsoft’s Technet site at: http://technet.microsoft.com/en-us/library/cc781690%28WS.10%29.aspx
  3. Launch the IAS MMC
  4. Register the server in Active Directory
     Click on register and go through the wizard.
  5. Install a new RADIUS client
  6. Add name and address
     The name should be something easily recognizable like Cisco ASA.
     The address is the IP address of the inside interface.
  7. Name and address
  8. Enter Shared Secret
     Click next, and enter the RADIUS shared secret.
  9. Added RADIUS client
     Click finish, and review the newly added client.
  10. Add remote access policy
  11. Click Next
  12. Add a policy name
  13. Select VPN radio button
  14. Add AD Group Name
      Users with VPN access will need to be added into this Active Directory group.
  15. Add authentication methods
      Select MS-CHAPv2, and MS-CHAP.
  16. Select Encryption Levels
      All encryption levels selected by default.
  17. Finish the wizard
  18. Verify RADIUS Ports
  19. RADIUS Ports
  20. Confirm authentication methods
      Edit the properties of the RADIUS client.
  21. Select unencrypted authentication
  22. IAS Configuration Complete
      Now, time to add the AAA configuration in the Cisco ASA.
  23. Configure ASA AAA
      The host is the address of the server where IAS was installed and registered.
      The key is the shared secret.
  24. Verify AD authentication in ASA
      The IP address in the ‘test aaa’ command is the IAS server.
      The test account must be in the AD group added in the IAS policy.
  25. All Done
      Hopefully, it is working for you.
      If not, check the event logs on the IAS server.
      Verify the shared secret password matches on the IAS server and the ASA.
      Verify the IAS service is running.
  26. Courtesy of DirFlash
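
The ASA side of slides 23 and 24, written out as an added example (not taken from the original slides, whose screenshots are not reproduced here). The server group name IAS-RADIUS, the address 192.0.2.10, the tunnel group RA-VPN, the account vpntest and the port values are assumptions; substitute the values used in the IAS setup.

```cisco
! Added example; every name, address and credential below is a constructed placeholder.
!   IAS-RADIUS = hypothetical AAA server group name
!   192.0.2.10 = placeholder address of the server where IAS is installed
!   RA-VPN     = hypothetical remote access tunnel group that already exists
!   vpntest    = hypothetical account in the AD group named in the IAS policy
!
! Define a RADIUS server group and point it at the IAS server, reached
! through the inside interface (the address registered as the RADIUS client).
aaa-server IAS-RADIUS protocol radius
aaa-server IAS-RADIUS (inside) host 192.0.2.10
 key <shared-secret>
 ! The ASA defaults to ports 1645/1646. Set them explicitly so they match
 ! the ports verified on the IAS server (1812/1813 assumed here).
 authentication-port 1812
 accounting-port 1813
!
! Use the server group to authenticate remote access VPN users.
tunnel-group RA-VPN general-attributes
 authentication-server-group IAS-RADIUS
!
! From privileged EXEC mode: send a test authentication to the IAS server.
test aaa-server authentication IAS-RADIUS host 192.0.2.10 username vpntest password <password>
```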
