WebVPN (clientless) + Windows Auth

Unanswered Question
Mar 18th, 2008

Hi All,


I've configured SSLVPN on Cisco ASA 5540 to authenticate using Windows AD by providing DomainController information. Though the authentication is working, I'm a bit concerned about the security, as this method of authentication would expose remote access to every other account on Windows AD (including service accounts).


Is there a mechanism / way to restrict the authentication to a specific group of users while using Windows AD for authentication on Cisco ASA for SSLVpn?


Please note: There is no ACS server available on the network.


Appreciate quick help on this,

PeterBodzay Fri, 03/21/2008 - 12:34

Hi,

Yes, Microsoft IAS would surely be a better solution.

Setting up AAA RADIUS authentication on your 5540 with IAS is not so tough and well documented.

A couple of useful links:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c18ff.shtml


Regarding Microsoft IAS there are tons of HowTo:s and KB-articles describing step by step how to implement it.


If you use ASA 7.x and SSL/Web VPN is an important feature for you, I would really recommend you to take a closer look at 8.x.


Hope this helps in some way.
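As an added illustration of the RADIUS approach suggested in the reply (not configuration posted by either participant), the ASA side might look like the fragment below. The server-group name, the 192.0.2.10 address, the interface name and the shared secret are placeholders, and the use of the default WebVPN tunnel group is an assumption. The group restriction itself is enforced on the IAS server, by a remote access policy with a Windows-Groups condition naming the permitted AD group.

```cisco
! Constructed example: all names, addresses and secrets are placeholders.
! Define a RADIUS server group that points at the IAS server.
aaa-server IAS-RADIUS protocol radius
aaa-server IAS-RADIUS (inside) host 192.0.2.10
 key <shared-secret-also-configured-on-the-IAS-RADIUS-client-entry>
 authentication-port 1812
 accounting-port 1813
!
! Authenticate clientless SSL VPN logins against IAS instead of
! querying the domain controller directly.
tunnel-group DefaultWEBVPNGroup general-attributes
 authentication-server-group IAS-RADIUS
!
! Verification from the ASA exec prompt:
! 1. An account that is a member of the permitted AD group should be accepted.
! 2. A service account outside that group should be rejected by the IAS policy.
! test aaa-server authentication IAS-RADIUS host 192.0.2.10 username <user> password <password>
```

Testing with one account inside the permitted group and one outside it confirms that the IAS policy, and not just AD credential validity, decides who can log in.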
