I am using an ASA 5520 for remote access VPN. We currently use local groups for authenticating users, but I would like to use NT domain authentication. I have tested NT domain authentication using one of our domain controllers, but how do I control who is allowed to VPN with the dial-in allow option within Active Directory? Is there a simple way with NT domain authentication, or do I need to set it as LDAP and do some sort of LDAP attribute mapping? It would be great if LDAP attribute mapping worked with NT domain authentication. Please help; there must be loads of people with this setup.
If you are, you can restrict it according to AD groups. In this case, you just create a security group in AD and add the users you want to be allowed to use the VPN, and then assign the group to your remote access policy in IAS.
No, I know it's possible with RADIUS, but I would like to avoid having to set up an IAS (RADIUS) server.
I have managed to set up ISA 2006 in a test lab and it works perfectly for groups and controlling access, but I am thinking an ASA 5500 must be able to compete with that without having to use IAS (RADIUS).
I would love to know if anyone uses the NT Domain or LDAP option?
Does the RADIUS method work alright for large amounts of users, or can it be slow? I might end up using it if it's the most popular method.