Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Integrating Microsoft NAP with Cisco ASA

Hello everyone,

I'm quite new to the Cisco world. I wonder if and how it is possible to marry Cisco ASA with Microsoft NAP (in Terms of VPN Enforcement). Does anybody know some helpful documents? Is an ACS Server/Appliance necessary?

Thanks in advance and kind regards

5 REPLIES
Cisco Employee

Re:Integrating Microsoft NAP with Cisco ASA

No, you don't need acs if you want to integrate asa with nps for vpn and adminiterative (telnet/ssh) access. With Microsoft nps you just can't configure Tacacs related features like command authorization and command accounting. I will try to post a document/link for your reference.


Sent from Cisco Technical Support Android App

~BR Jatin Katyal **Do rate helpful posts**
New Member

Integrating Microsoft NAP with Cisco ASA

Hello Jatin,

thanks so much for your fast reply.

What is with Microsoft NAP (Network Access Protection), does this also work (Here are some Client-Components involved like System Health Validators and so on)?

Kind regards

Cisco Employee

Integrating Microsoft NAP with Cisco ASA

You just need NPS (Network Policy server) to act as a radius server.

http://technet.microsoft.com/library/cc732912.aspx

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
Cisco Employee

Integrating Microsoft NAP with Cisco ASA

Please post here if you have any further queries.

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
New Member

Integrating Microsoft NAP with Cisco ASA

Hello Jatin,

thanks for your reply.

Microsoft states that authentication via PEAP is necessary for NAP to work:

"One security feature of PEAP is the transmission of Statement of Health (SoH) messages."

(see http://blogs.msdn.com/b/openspecification/archive/2009/06/05/peap-phase-2-encapsulation-examples-for-a-client-authenticating-with-ms-chapv2.aspx?Redirected=true)

However, I found this topic which states that PEAP auth. is not possible with the ASA: https://supportforums.cisco.com/thread/2028742

Is that true?

694
Views
5
Helpful
5
Replies