m.volodko Thu, 12/20/2007 - 06:45


I believe that you can use IAS service from windows server for this. ASA supports radius protocol, well it will looks like ASA->radius->AD.

majdalani Fri, 12/21/2007 - 04:45

Hi Thanks for your reply.

one question, can i install IAS on my DC ??

so that RADIUS Server will be the same as DC Server?

IF IAS is installed on a DC, will radius be able to lookup users from the AD ?

m.volodko Fri, 12/21/2007 - 05:45





It's definitely works, I did the same when implement dot1x.

majdalani Fri, 12/21/2007 - 06:16


Do u have any article on how to configure ASA 5500 to use RADIUS in its OUTBOUND rules authentication ?

m.volodko Fri, 12/21/2007 - 06:22


If you are using radius behind outside interface you have to specify it like:

ciscoasa(config)# aaa-server RADserver (outside) host

majdalani Fri, 12/21/2007 - 06:30

I want to authenticate my Internal Users, so that based on the authentication, if they go thru Rule # 1 or Rule # 2 in CISCO ASA.

In this stage, i am not intending to authenticate VPN ( Remote Users ) .

I need to authenticate Internal Users.

lets say i want to create the following rules:

rule 1 : allow> protocols> from internal > to external > groupA

rule 2 : allow> protocols> from internal > to external > groupB

is this possible ?

majdalani Fri, 12/21/2007 - 09:27

mmm, i would prefer if there is an article that illustrate how to do it with the GUI ( PDM ) , as i am guy who is used to work with GUI stuff :)

Thanks will check it.


This Discussion