
How can I configure a VPN client with LDAP?

rechard_david

Dear All,

How can I configure a VPN client with LDAP on a Cisco router and ASA?

I have a Cisco router 1841 and an ASA 5505.

Best Regards

Rechard_David

Accepted Solution

Hello,

Here is a sample configuration for the firewall (ASA):

aaa-server TEST protocol nt
aaa-server TEST (inside) host 192.168.254.11
 nt-auth-domain-controller Primary
aaa-server TEST (inside) host
 nt-auth-domain-controller Cisco

tunnel-group VPNGR type ipsec-ra
tunnel-group VPNGR general-attributes
 address-pool VPNPool
 authentication-server-group TEST LOCAL
 default-group-policy VPNGR

Hope this helps.

Regards,

NT
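
An added example, not part of the original thread and not Cisco's own sample: the same tunnel group bound to an aaa-server group that uses "protocol ldap" (the sample above uses "protocol nt"), with LDAP over SSL turned on. The names LDAP_SRV, example.com, asa-bind, testuser and the password placeholders are assumptions, as is 192.168.254.11 being the directory server; VPNGR and VPNPool come from the thread.

```cisco
! Added example in ASA 8.x-style CLI. LDAP_SRV, example.com, asa-bind and the
! placeholders are assumed names; VPNGR and VPNPool are taken from the thread.
aaa-server LDAP_SRV protocol ldap
aaa-server LDAP_SRV (inside) host 192.168.254.11
! Where user searches start and how deep they go
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
! Attribute matched against the username typed into the VPN client
 ldap-naming-attribute sAMAccountName
! Read-only service account the ASA binds with to run the search
 ldap-login-dn CN=asa-bind,CN=Users,DC=example,DC=com
 ldap-login-password <BIND-PASSWORD-PLACEHOLDER>
 server-type microsoft
! Without the next two lines the bind password and the users' credentials
! cross the inside network in clear text on TCP/389
 ldap-over-ssl enable
 server-port 636
!
tunnel-group VPNGR type ipsec-ra
tunnel-group VPNGR general-attributes
 address-pool VPNPool
! LOCAL is consulted only when no server in LDAP_SRV responds
 authentication-server-group LDAP_SRV LOCAL
 default-group-policy VPNGR
!
! Check the bind and a user lookup from the ASA before testing with a client
test aaa-server authentication LDAP_SRV host 192.168.254.11 username testuser password <TEST-PASSWORD-PLACEHOLDER>
```

Because LOCAL remains as a fallback, any accounts in the ASA's local user database can still authenticate to the VPN whenever the directory is unreachable, so that database should hold only accounts meant for that purpose.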


6 Replies

rechard_david

Dear all,

Anybody, do you have any advice?

Best Regards,

Rechard

Dear NT,

Thank you for your assistance!!!

Could you let me know how we can configure VPN with LDAP on a Cisco router? Remote access, not SSL.

Best Regards,

Rechard_david

Hello,

I am not an expert in VPN configurations with routers. But you can use this document to configure the LDAP on the routers:

http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_ldap.html

You can use the AAA group in the VPN configuration for authentication.

Hope this helps.

Regards,

NT

Dear NT,

Thank you for your help!!!

I have rated you already, and for the configuration on the router I will create a new topic!!!!

Best Regards,

Rechard

I don't know if you have solved this. But if you want, I have a Pix ASA working with authentication and dynamic ACL authorization. I have created a group in LDAP where I put my users and the permissions they have (traffic ACL), and I can assign ACLs in a dynamic way (the pix can add ACLs that it reads from the LDAP).

Regards,

Gonzalo
