AAA Server Groups

Unanswered Question
Jan 11th, 2008
User Badges:

I am using an Asa 5520 for remote access VPN. We currently use local groups for authenticating users but i would like to use nt domain authentication. I have tested using nt domain authentication using one of our domain controllers but how do i control who is allowed to vpn with the dial in allow option within active directory. Is there a simple way with nt domain authentication or do i need to set it as ldap and so some sort of ldap attribute mapping. It would be great if ldap attribute mapping worked with nt domain authentication. Please help there must be loads of people with this set up.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
srue Fri, 01/11/2008 - 09:50
User Badges:
  • Blue, 1500 points or more

Are you using IAS as your RADIUS server?

if you are, you can restrict it according to AD groups. In this case, you just create a security group in AD and add the users you want to be allowed to use the VPN, and then assign the group to your remote access policy in IAS.

THCox Sat, 01/12/2008 - 15:17
User Badges:

Thanks srue.

No I know its possible with RADIUS but I would like to avoid having to set up an IAS (RADIUS) server.

I have managed to set up ISA 2006 in a test lab and it works perfectly for groups and controlling access but i am thinking an asa 5500 must be able to compete with that without having to use IAS (RADIUS)

I would love to know if anyone uses the NT Domain or LDAP option?

Does the RADIUS method work alright for large amounts of users or can it be slow? I might end up using it if its the most popluar method


This Discussion