Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

AAA Server Groups

I am using an Asa 5520 for remote access VPN. We currently use local groups for authenticating users but i would like to use nt domain authentication. I have tested using nt domain authentication using one of our domain controllers but how do i control who is allowed to vpn with the dial in allow option within active directory. Is there a simple way with nt domain authentication or do i need to set it as ldap and so some sort of ldap attribute mapping. It would be great if ldap attribute mapping worked with nt domain authentication. Please help there must be loads of people with this set up.


Re: AAA Server Groups

Are you using IAS as your RADIUS server?

if you are, you can restrict it according to AD groups. In this case, you just create a security group in AD and add the users you want to be allowed to use the VPN, and then assign the group to your remote access policy in IAS.

Community Member

Re: AAA Server Groups

Thanks srue.

No I know its possible with RADIUS but I would like to avoid having to set up an IAS (RADIUS) server.

I have managed to set up ISA 2006 in a test lab and it works perfectly for groups and controlling access but i am thinking an asa 5500 must be able to compete with that without having to use IAS (RADIUS)

I would love to know if anyone uses the NT Domain or LDAP option?

Does the RADIUS method work alright for large amounts of users or can it be slow? I might end up using it if its the most popluar method

CreatePlease to create content