Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Authenticate with Microsoft LDAP

Hi all,

I am running ASA ver. 8.2(2)  and all users are configured in the ASA. This ASA is uses as a VPN ASA and we are using it for remote access for external users. When a user is logged in, he gets all parameters that are need to continue working from outside, such as, IP, assigned to special group with special permissions and so on. All the parameters that are needed are configured under  user attribute. See example below:


username username1 password xxxxxx == nt-encrypted

username username1 attributes

vpn-group-policy Basic

vpn-access-hours none

vpn-simultaneous-logins 1

vpn-idle-timeout 30

vpn-session-timeout none

vpn-filter value DDD-Basic

vpn-tunnel-protocol IPSec


password-storage enable

group-lock value Basic


Is it possible to live the user attributes as is and to force the users to authenticate via LDAP servers only?


Authenticate with Microsoft LDAP

Hi Bro

Yes, this can be done. Please refer to

P/S: If you think this comment is useful, please do rate them nicely :-)

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
New Member

Authenticate with Microsoft LDAP

Hello Ramraj,

Thanks a lot to your reply, sorry for the delay, but now I have a chance to verify again the above issue and according to the debug I triggered in ASA (225) , it is getting the right user and recognize it correct. I had no errors. But I am still getting en error from the VPN client. The error I received is "Secure VPN connection terminated locally by the client. Reason 413: User authentication failed." I also tried to get an IP from AD withput success. Any Idea ?

Thanks, a lot,


New Member

Authenticate with Microsoft LDAP

:-) By mistake I marked the wrong star forgive me man

New Member

Authenticate with Microsoft LDAP

Hello Ramraj,

Sorry for the delay, but yesterday I had a chance to check again and to test what I configured accroding to the document that you sent me a while ago (:-)). I triggered the debug on the ASA 5520 and everything looks fine. The LDAP server is sending the right information without any error message. In the VPN client when I am trying to login I am receiving the following error message:

"Secure VPN connection terminated locally by the client. Reason 413:User authentication failed" . Googled this error message and I found that I need to enable the simultaneous logins to enable. I enabled it but I got the same error message. This configuration is under remote access vpn>group-policies>General>more options.

Any idea what could be the reason?

Thanks alot ,