Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
324
Views
0
Helpful
1
Replies

Authenticate VPN clients against AD

fedecotofaja
Level 1
Level 1

‎03-03-2009 08:51 AM

Hi All,

I have done in the past a configuration where the VPN clients get authenticated against a RADIUS server and uses the credentials from Active Directory.

Now, I need to configure the ASA to authenticate the VPN clients against AD directly. (There's no RADIUS server). Can I do that?

In other words, can I tell the ASA to talk directly to the AD and authenticate the VPN clients without any RADIUS or other server?

If so, is there's a link or configuration example?

Thank you!

Labels:
0 Helpful
1 Reply 1

Ivan Martinon
Level 7
Level 7

‎03-03-2009 10:15 AM

Hey, ASA can do this by using either LDAP protocol or authenticate them, Kerberos or NT Domain protocols (the use of either one of these depends on your Windows AD version)

For instance for later Win platforms like 2000 and 2003 LDAP or Kerberos should work, for Old NT environments you can use NT Domain:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/aaa.html

0 Helpful
Customers Also Viewed These Support Documents