I have our VPN users logging in via our Cisco Concentrator using Windows IAS RADIUS server. The thing is users can log in with there Active directory username and password and the don't need to put the domain first (in the VPN client) for example domain\username is this right? How does it know the domain name?
Establish an IPsec tunnel between a Cisco VPN 3000 Concentrator and a Cisco VPN Client 4.x for Windows using RADIUS for user authentication and accounting. This document recommends the Cisco Secure Access Control Server (ACS) for Windows for the easier RADIUS configuration to authenticate users that connect to a VPN 3000 Concentrator. A group on a VPN 3000 Concentrator is a collection of users treated as a single entity. The configuration of groups, as opposed to individual users, can simplify system management and streamline configuration tasks.
The VPN Concentrator does not know. It only passes the information that it received (username/password) from the client, sends it on to the RADIUS server and then expects a Yes or No answer back from the RADIUS server.
The default User Database for IAS is AD. Look in the IAS MMC under "Connection Request Processing" --> "Connection Request Policies" and you should see "Use Windows authentication for all users"; thats where it is getting its settings from.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...