Active Directory (Windows 2003) Authentication VPN Remote Client

Unanswered Question
Feb 15th, 2008
User Badges:


i was wondering if i can use my windows 2003 server for authentication instead of local AAA server


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
husycisco Sat, 02/16/2008 - 07:46
User Badges:
  • Gold, 750 points or more

Hi Dmitry

Thanks for starting a new conversations with a new topic. This post will be usefull for askers who search for this topic in future.

Do you have IAS configured in win2003 server? If you have, please apply the "Microsoft Windows 2003 Server with IAS Configuration" chapter in following link, to define your ASA to IAS server.

Please notify me when you are done


alexus Sat, 02/16/2008 - 14:12
User Badges:

i dont think i have that, is that a requirement for get this thing to work?

or is it an option? what other options is out there? i somehow though it'd be able to do authentication out of the box..

husycisco Sun, 02/17/2008 - 08:19
User Badges:
  • Gold, 750 points or more

Yes. You need a RADIUS configured in server to make authentications. IAS (Ineternet Authentication Server) is RADIUS for Windows2003 family. This is a built-in feature so you can simply enable it via add/remove programs. Following is the guide from Microsoft KB

Install IAS

To install IAS:

1. Click Start, point to Settings, and then click Control Panel.

2. Double-click Add/Remove Programs, and then click Add/Remove Windows Components.

3. In the Components list, click the words Networking Services (but do not select or clear its check box), and then click Details.

4. Click to select the Internet Authentication Service check box, and then click OK.

5. Click Next, and then click Finish.

6. In the Add/Remove Programs dialog box, click Close.

7. To start IAS, click Start, point to Programs, point to Administrative Tools, and then click Internet Authentication Service.

Enable IAS to Authenticate Users in Active Directory

To register the IAS service in Active Directory:

1. Start the IAS snap-in. To do this, click Start, point to Programs, point to Administrative Tools, and then click Internet Authentication Service.

2. On the Action menu, click Register Service in Active Directory.

3. Click OK to confirm the IAS registration in the local domain, and then click OK.

biztechcon Tue, 08/05/2008 - 13:01
User Badges:

Yes you can. Go to this link and it'll walk you right through it. The troubleshooting section is useful if you have problems. A word of advice is to pay close attention to the format and case of your LDAP DNs. Match it exactly with the output of the dsquery user -samid command and you'll be fine.


This Discussion