Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

vpn and windows radius

Can anyone tell me a simple setup to to this, and do I need AD on my radius ? some simple guidelines would be nice if poss ?




Re: vpn and windows radius

I assume you are trying to get remote users authenticating against AD .. is that correct ..?

if this is the case then you need a windows box running IAS to act as radius server and be member of the domain. You only need to refer to microsoft for setting this up is very straight forward.

The cisco device terminating the VPN needs to be configured as Radius client for the IAS box so that your users credentials are passed to the IAS box for authentication.

attached an example config for a cisco router:

Community Member

Re: vpn and windows radius

Thankyou, Does the IAS look at the active directory user accounts to authenticate ? because we put in the domain username and password to login, what exactly is the radius doing in this case ?

Community Member

Re: vpn and windows radius

Carl, you didn't mention what type of VPN device you are using. If you use a 3000 series Concentrator then you don't need RADIUS. It will "talk" directly to a Windows domain for authentication. If you are using a PIX or router then you need RADIUS to be an interface or interpreter if you will between these devices and your Windows domain. Routers and PIXs don't have the built-in SMB capability to speak directly to AD so they need RADIUS, TACACS+, etc.

IAS is pretty good and best of all it's free. If you do a search on CCO there is a document that takes you step-by-step to get this setup.

The thing that puzzles me is that you say you already put in a domain username and password and it gets you in. Is it possible that there is a local user database on your device that just happens to have the same set of credentials that are in AD?


CreatePlease to create content