RADIUS authentication for VPN users?

whiteford · ‎07-09-2007

We have a VPN concentrator, how can I stop users using local accounts and use their Windows Active Directory user accounts?

Richard Burts · ‎07-09-2007

Andy

Would I be correct in assuming that your VPN concentrator is one of the Cisco 3000 series concentrators?

Maybe I am missing something, but it seems to me to be fairly straightforward: the concentrator specifies how to authenticate and apparently now it is configured to use its local database of user accounts. It should be a fairly simple change to specify that it should authenticate these users with Radius. At that point it should stop using local accounts.

HTH

Rick

HTH

Rick

whiteford · ‎07-09-2007

I it is a Cisco 3015 series concentrator, where do I configure this?

Richard Burts · ‎07-09-2007

Andy

I assume that your 3015 operates the same as the 3060s that I work with. From the Configuration line, to the User Management line, to the Groups line. Select the group that the user belongs to, on the right side of the screen is an option to modify Authentication Servers. Select this option and configure the external server that will authenticate.

HTH

Rick

HTH

Rick

whiteford · ‎07-10-2007

I would like to use windows 2003 IAS (Radius) I want to allow only users in the AD Radius group called "VPN" to be able to access our network.

Can this be done and the users will then log in using their AD usernames and passwords?

Richard Burts · ‎07-10-2007

Andy

I believe that this can be done. Make sure that your users are in the group, specify that the group should use 2003 IAS (Radius) as its authentication server. It should work.

HTH

Rick

HTH

Rick