Cisco Support Community

New Member

ASA 5500 - AD Support

Hi,

Does the ASA 5500 support Active Directory? By this I mean, can I create outbound rules that authenticate users from AD?

9 REPLIES
New Member

Re: ASA 5500 - AD Support

Hello,

I believe that you can use the IAS service from Windows Server for this. The ASA supports the RADIUS protocol, well, it will look like ASA->RADIUS->AD.

New Member

Re: ASA 5500 - AD Support

Hi, thanks for your reply.

One question: can I install IAS on my DC?

So that the RADIUS server will be the same as the DC server?

If IAS is installed on a DC, will RADIUS be able to look up users from the AD?

New Member

Re: ASA 5500 - AD Support

Hello,

Yes.

Yes.

Yes.

It definitely works, I did the same when implementing dot1x.

New Member

Re: ASA 5500 - AD Support

Thanks, I just found this: http://support.microsoft.com/kb/317588

Will check it, and if I have any questions, will report back. Thanks.

New Member

Re: ASA 5500 - AD Support

Hi,

Do you have any article on how to configure the ASA 5500 to use RADIUS in its outbound rules authentication?

New Member

Re: ASA 5500 - AD Support

Hello,

If you are using RADIUS behind the outside interface, you have to specify it like:

ciscoasa(config)# aaa-server RADserver (outside) host 10.10.10.10
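An added example, not part of the original replies: a sketch of ASA cut-through proxy authentication for outbound web traffic against the RADIUS server group named in the reply above. It assumes the RADIUS/IAS server is reachable through an interface named `inside` (the reply uses `outside`); the ACL name `OUTBOUND_AUTH`, the shared-secret placeholder and the test username are hypothetical.

```cisco
! Define the RADIUS server group and the IAS host (address taken from the reply above)
aaa-server RADserver protocol radius
aaa-server RADserver (inside) host 10.10.10.10
 key <shared-secret-placeholder>
 exit
!
! Select the traffic that must authenticate before it is allowed out.
! Only HTTP is matched here; add entries for other protocols that can prompt the user.
access-list OUTBOUND_AUTH extended permit tcp any any eq www
!
! Require authentication against RADserver for matching traffic arriving on inside
aaa authentication match OUTBOUND_AUTH inside RADserver
!
! Verification: check that the ASA can reach the server and that IAS accepts the AD account
test aaa-server authentication RADserver host 10.10.10.10 username testuser password <password-placeholder>
! List users currently authenticated through the firewall
show uauth
```

The shared secret must match the one configured for the ASA as a RADIUS client in IAS, and should be long and unique to this device because it protects the password exchange between the firewall and the server.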

New Member

Re: ASA 5500 - AD Support

I want to authenticate my internal users, so that, based on the authentication, they go through Rule #1 or Rule #2 in the Cisco ASA.

At this stage, I am not intending to authenticate VPN (remote users).

I need to authenticate internal users.

Let's say I want to create the following rules:

rule 1 : allow> protocols> from internal > to external > groupA

rule 2 : allow> protocols> from internal > to external > groupB

Is this possible?

New Member

Re: ASA 5500 - AD Support

New Member

Re: ASA 5500 - AD Support

Mmm, I would prefer it if there were an article that illustrates how to do it with the GUI (PDM), as I am a guy who is used to working with GUI stuff :)

Thanks, will check it.
