SA540 - SSL VPN AD Authentication


I'm having difficulty setting up AD authentication for SSL-VPN. I followed the document AD Authentication for SSL Portal (https://supportforums.cisco.com/docs/DOC-9375) to set up the AD Domain connection. Domain is a Windows 2003 domain with both Windows 2003 and Windows 2008 R2 domain controllers.

I am able to successfully authenticate using local user accounts; however, attempting to log in to the portal using a domain account returns an Invalid username or password response from the portal.

I've turned on Audit logging for both successful and unsuccessful events in both Domain controllers, and I've changed the AD domain record to point to each DC in turn but without success. From the Windows Logs I can't see any actual attempt from the SA540 to authenticate the user; there is no logged event relating to this at all.

There are also no logs recorded in the SA540 for the SSL VPN, whether for successful (local) authentication or unsuccessful (domain) authentication. I've looked through the SSLVPN configuration, but I'm unable to see anywhere to turn logging on in the hope of shedding further light on the issue.

Firmware version is 1.1.42.

Mark

nmanglik Wed, 02/23/2011 - 14:13

Hi Mark,

Please find the performed steps:

1. Add a custom Portal layout.

2. Add a Domain with Active Directory as authentication type with AD server IP and Domain details.

3. Add a user for Active Directory Domain.

4. Enable remote management on 443 port.

5. Open Portal from WAN side using https://Device WAN IP/Portal/Portal_name

6. Enter Active Directory user credentials for authentication.

Please let us know if you need any further assistance on this issue.

Just in case you have not noticed, the latest firmware version for SA500 is 2.1.18 and is available on www.Cisco.com

Thanks,

Nitin.
