IAS RADIUS and Cisco concentrator 3015

whiteford · ‎07-31-2007

Hi,

I have our VPN users logging in via our Cisco Concentrator using Windows IAS RADIUS server. The thing is users can log in with there Active directory username and password and the don't need to put the domain first (in the VPN client) for example domain\username is this right? How does it know the domain name?

bwalchez · ‎08-06-2007

Establish an IPsec tunnel between a Cisco VPN 3000 Concentrator and a Cisco VPN Client 4.x for Windows using RADIUS for user authentication and accounting. This document recommends the Cisco Secure Access Control Server (ACS) for Windows for the easier RADIUS configuration to authenticate users that connect to a VPN 3000 Concentrator. A group on a VPN 3000 Concentrator is a collection of users treated as a single entity. The configuration of groups, as opposed to individual users, can simplify system management and streamline configuration tasks.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00807f6e76.shtml

whiteford · ‎08-06-2007

Thanks but windows IAS was very easy and quick to setup and costs nothing.

claforest · ‎08-08-2007

The VPN Concentrator does not know. It only passes the information that it received (username/password) from the client, sends it on to the RADIUS server and then expects a Yes or No answer back from the RADIUS server.

The default User Database for IAS is AD. Look in the IAS MMC under "Connection Request Processing" --> "Connection Request Policies" and you should see "Use Windows authentication for all users"; thats where it is getting its settings from.