Cisco Support Community

New Member

AD Authentication for Client VPN

Hi,

I am using a Cisco 1812 as an EZVPN server. I want to use Active Directory for VPN user authentication. I have been trying for a couple of days but with no success.

With ASA, I am able to authenticate against AD, but not with the IOS router. Below are my configurations:

aaa authentication login AD krb5

kerberos local-realm THECCIEGROUP.LOCAL

kerberos realm thecciegroup.local THECCIEGROUP.LOCAL

kerberos realm .thecciegroup.local THECCIEGROUP.LOCAL

kerberos server THECCIEGROUP.LOCAL 10.10.102.2

kerberos preauth encrypted-kerberos-timestamp

kerberos credentials forward

If Kerberos authentication is not possible, I would like to know the possibility of using AD as an ACS external database. I am running both AD and ACS on the same server. If I can integrate AD with ACS, I can use TACACS or RADIUS for the authentication.

Thanks & Regards,

Vamsi Pinnaka

Bangalore.

Accepted Solutions
Cisco Employee

I can answer from the ACS side.

Yes, you can integrate ACS with AD and then the switch uses ACS like a RADIUS server. ACS checks AD through Kerberos in the backend, transparently.

If you have ACS 4.x running on a Windows PC that is a member server of the domain, the integration is actually done automatically.
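
The router side of the setup described in this answer, as an added example that is not part of the original post or Cisco's own configuration: the EZVPN server sends Xauth logins to ACS over RADIUS, and ACS checks them against AD. The list names VPN-XAUTH and VPN-GROUP and the crypto map name CMAP are hypothetical, values in angle brackets are placeholders, and 10.10.102.2 is taken from the question, where AD and ACS share one server.

```cisco
! Added example: IOS EZVPN server using ACS (RADIUS) for Xauth.
! VPN-XAUTH, VPN-GROUP and CMAP are hypothetical names; <...> are placeholders.
aaa new-model
!
! ACS runs on the same server as AD in this thread (10.10.102.2).
! 1645/1646 are the IOS default RADIUS ports; match whatever ACS listens on.
radius-server host 10.10.102.2 auth-port 1645 acct-port 1646 key <shared-secret>
!
! Xauth user logins go to ACS, which checks AD as its external database.
! There is no "local" fallback here, so VPN logins fail closed if ACS is down.
aaa authentication login VPN-XAUTH group radius
!
! EZVPN group policy (group key, address pool) stays on the router.
aaa authorization network VPN-GROUP local
!
! Bind both lists to the crypto map already used by the EZVPN server.
crypto map CMAP client authentication list VPN-XAUTH
crypto map CMAP isakmp authorization list VPN-GROUP
!
! Once nothing references the Kerberos list from the question, remove it:
!   no aaa authentication login AD krb5
!
! Check the RADIUS path from exec mode before testing with a VPN client:
!   test aaa group radius <ad-username> <password> legacy
!   debug radius authentication
```

On ACS, the router must also be defined as an AAA client with the same shared secret, otherwise its requests are dropped.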

3 REPLIES
New Member

Thanks for your reply. Better I will go with ACS with AD. I can have better authorization features with TACACS...

I will do this and let you know...

Thanks & Regards,

Vamsi Pinnaka

Bangalore

New Member

Working perfectly. Successfully integrated AD with the ACS external database.

Thanks & Regards,

Vamsi Pinnaka

Bangalore
