Cisco Support Community
New Member

ssl client will not auth. against AD

I am unable to get the SSL client to authenticate through AD. I had added the AD server to the group authentication servers. I also tested a local AD account; it returned "authen. successful." But using SSL from remote will not work. Internally added users are able to authenticate through SSL, and IPsec through AD also works.


Re: ssl client will not auth. against AD

When you would like to use the SSL Client to the concentrator, you first https to the Public Interface (by DNS name or IP Address). Then you will be given the WebVPN Login screen. From here the user would log in using almost any authentication you would like, though they would be connecting in using the Base Group. Based on settings, two things will happen at this point.

The first is the SSL Client will try to install itself. The other possibility is you will be taken to the WebVPN screen.

After the SSL Client is installed, it will automatically start to run and connect.

Normally when you are using the SSL VPN Client, it will always connect to the Base Group. In order to have it connect to a different group, you must use an authentication method that allows for group lock to push them to a different group.

If you want SSL client users to be authenticated by external authentication servers, the servers must push the group name (attribute) to the concentrator. If the server is RADIUS, then there is class attribute 25 for the group name.

Thus all users go to Base group even if specific groups were configured.

As a workaround, you can use RADIUS and push class attribute 25.
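
An added example, not part of the original reply: a Python check that a RADIUS Access-Accept really carries Class (attribute 25), which is what the reply above says the server must push. The shared secret, the group name `SSLUsers` and the `OU=<group>;` value format are assumptions, and the packet is constructed inline rather than captured.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, CLASS_ATTR = 2, 25  # RFC 2865 packet code and Class attribute type
SECRET = b"constructed-secret"     # assumed shared secret (constructed)
REQ_AUTH = bytes(range(16))        # constructed Request Authenticator

def build_accept(ident, attrs, req_auth=REQ_AUTH, secret=SECRET):
    """Build a sample Access-Accept from (type, value) pairs."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(body))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    resp_auth = hashlib.md5(header + req_auth + body + secret).digest()
    return header + resp_auth + body

def class_values(packet, req_auth=REQ_AUTH, secret=SECRET):
    """Verify the Response Authenticator, then return every Class (25) value."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, _, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    body = packet[20:length]
    expected = hashlib.md5(packet[:4] + req_auth + body + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch (wrong secret or tampering)")
    found, i = [], 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("malformed attribute")
        if body[i] == CLASS_ATTR:
            found.append(body[i + 2:i + body[i + 1]])
        i += body[i + 1]
    return found

def group_from_class(values):
    """Return the group from the first 'OU=<name>;' Class value (assumed format)."""
    for value in values:
        text = value.decode("ascii", "replace")
        if text.startswith("OU=") and text.endswith(";"):
            return text[3:-1]
    return None  # no usable Class value: nothing names a group for the user

# Constructed sample: Reply-Message (18) plus Class (25) naming a group.
SAMPLE = build_accept(7, [(18, b"ok"), (CLASS_ATTR, b"OU=SSLUsers;")])

if __name__ == "__main__":
    print(group_from_class(class_values(SAMPLE)))
```

An empty result for an Access-Accept means the server is not returning Class, which matches the symptom described above of users staying in the Base Group.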

New Member

Re: ssl client will not auth. against AD

You should try to move your AD server up to first position in your Authentication server group.
