Cisco Support Community

New Member

WebVPN (clientless) + Windows Auth

Hi All,

I've configured SSL VPN on a Cisco ASA 5540 to authenticate using Windows AD by providing domain controller information. Though the authentication is working, I'm a bit concerned about the security, as this method of authentication would expose remote access to every other account in Windows AD (including service accounts).

Is there a mechanism / way to restrict the authentication to a specific group of users while using Windows AD for authentication on the Cisco ASA for SSL VPN?

Please note: There is no ACS server available on the network.

Appreciate quick help on this,

1 REPLY
New Member

Re: WebVPN (clientless) + Windows Auth

Hi,

Yes, Microsoft IAS would surely be a better solution.

Setting up AAA RADIUS authentication on your 5540 with IAS is not so tough and is well documented.

A couple of useful links:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c18ff.shtml

Regarding Microsoft IAS, there are tons of how-tos and KB articles describing step by step how to implement it.

If you use ASA 7.x and SSL/Web VPN is an important feature for you, I would really recommend you take a closer look at 8.x.

Hope this helps in some way.
