Cisco Support Community

Win 2003 + ASA 8.x authentication

Hello guys,

I have a client that has a Win 2003 R2 server without AD installed. I have an ASA 5505 which is going to terminate the L2TP over IPSec tunnels (Win XP SP2 or later clients... hopefully). My question is: what options do I have for authentication against the local SAM database? I read tons of documents and it seems that LDAP and Kerberos authentication require AD, and NTLM can be used only with Web VPN for SSO (besides that, it's deprecated in Win 2003 as far as I know), so the only option I've got is running IAS (part of the default packages coming with Win 2003 R2, not additional software, right?) and utilizing the local SAM. Is that right?

There's a pretty nice article right here:

The only thing that bothers me is the "The following groups are in this condition" window. What properties should a Win 2003 user group have so that it's eligible for use by the IAS service for authentication purposes? Also, has anyone deployed this setup, and are there any non-obvious obstacles/problems that occur? I'm a little bit scared as my Win 2003 administration skills are not very good and I don't wanna mess up something I cannot fix later.


Re: Win 2003 + ASA 8.x authentication


Re: Win 2003 + ASA 8.x authentication

I've already read this. Do you notice the little "against Active Directory" thing in the title? My problem is that I have to do this against the local SAM database :)