Authenticate with Microsoft LDAP

Reuven Elkabetz
Level 1

Hi all,

I am running ASA ver. 8.2(2) and all users are configured in the ASA. This ASA is used as a VPN ASA and we are using it for remote access for external users. When a user is logged in, he gets all parameters that are needed to continue working from outside, such as an IP, assignment to a special group with special permissions and so on. All the parameters that are needed are configured under the user attributes. See example below:

username username1 password xxxxxx == nt-encrypted
username username1 attributes
 vpn-group-policy Basic
 vpn-access-hours none
 vpn-simultaneous-logins 1
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter value DDD-Basic
 vpn-tunnel-protocol IPSec
 vpn-framed-ip-address 1.1.1.1 255.255.255.0
 password-storage enable
 group-lock value Basic

Is it possible to leave the user attributes as is and to force the users to authenticate via LDAP servers only?

4 Replies

Hi Bro

Yes, this can be done. Please refer to https://supportforums.cisco.com/thread/2045265

P/S: If you think this comment is useful, please do rate them nicely :-)

Warm regards,
Ramraj Sivagnanam Sivajanam

Hello Ramraj,

Thanks a lot for your reply, sorry for the delay, but now I have a chance to verify the above issue again and according to the debug I triggered in the ASA (225), it is getting the right user and recognizes it correctly. I had no errors. But I am still getting an error from the VPN client. The error I received is "Secure VPN connection terminated locally by the client. Reason 413: User authentication failed." I also tried to get an IP from AD without success. Any idea?

Thanks, a lot,

Reuven

:-) By mistake I marked the wrong star, forgive me man

Hello Ramraj,

Sorry for the delay, but yesterday I had a chance to check again and to test what I configured according to the document that you sent me a while ago (:-)). I triggered the debug on the ASA 5520 and everything looks fine. The LDAP server is sending the right information without any error message. In the VPN client, when I am trying to log in, I am receiving the following error message:

"Secure VPN connection terminated locally by the client. Reason 413: User authentication failed". I googled this error message and found that I need to enable simultaneous logins. I enabled it but I got the same error message. This configuration is under remote access vpn > group-policies > General > more options.

Any idea what could be the reason?

Thanks a lot,

Reuven
