m.volodko Thu, 12/20/2007 - 06:45

Hello,

I believe that you can use the IAS service from Windows Server for this. ASA supports the RADIUS protocol; well, it will look like ASA->RADIUS->AD.


majdalani Fri, 12/21/2007 - 04:45

Hi, thanks for your reply.

One question: can I install IAS on my DC?

So that the RADIUS server will be the same as the DC server?

If IAS is installed on a DC, will RADIUS be able to look up users from the AD?



m.volodko Fri, 12/21/2007 - 05:45

Hello,

Yes.

Yes.

Yes.


It definitely works; I did the same when implementing dot1x.

majdalani Fri, 12/21/2007 - 06:16


Hi,


Do you have any article on how to configure the ASA 5500 to use RADIUS in its OUTBOUND rules authentication?


m.volodko Fri, 12/21/2007 - 06:22

Hello,

If you are using RADIUS behind the outside interface, you have to specify it like:


ciscoasa(config)# aaa-server RADserver (outside) host 10.10.10.10

majdalani Fri, 12/21/2007 - 06:30

I want to authenticate my internal users, so that, based on the authentication, they go through Rule #1 or Rule #2 in the Cisco ASA.

At this stage, I am not intending to authenticate VPN (remote users).

I need to authenticate internal users.

Let's say I want to create the following rules:

rule 1: allow > protocols > from internal > to external > groupA

rule 2: allow > protocols > from internal > to external > groupB

Is this possible?

majdalani Fri, 12/21/2007 - 09:27

Mmm, I would prefer if there is an article that illustrates how to do it with the GUI (PDM), as I am a guy who is used to working with GUI stuff :)


Thanks will check it.
