3005 VPN - Active Directory Authentication

Unanswered Question
Aug 10th, 2010
User Badges:


I'm a novice admin for Cisco VPN 3005 concentrator. How do I setup a Active Directory authentication so that remote users are authenticated and login scripts are executed?

Can this be authenticated to Windows Server 2008 R2?

Client: XP SP2/SP3



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
ryancolson Thu, 09/02/2010 - 00:51
User Badges:

you can also use radius, i believe in server 2008 its called Network policy server.  You can have it answer back not only a yes or no, but the AD group

as well.  Lets say you wanted policies for 3 groups



Domain admins

each of these would have a radius policy, and if someone was a member of marketing, NPS/IAS(if server 2003) would answer back with the group name, which would correspond with the group policy name in the 3005(they dont necessarily have to match, if you want marketing to be in a group on the 3005 called limited etc.  I do remember this was a tad tricky to configure on the 3005, but I had it working a while ago just like this, and was able to use one ipsec group but different policies based on the radius response.  I defined the policy groups(IP assignments, allowed subents etc) on the 3005.


This Discussion