Cisco Support Community
Community Member

WebVPN using External Authentication

I have a VPN concentrator 3005 that is configured for WebVPN which works great if I login with a local user.

I would like to authenticate my users through our LDAP. I created a SSLusers group that is setup for external authentication. The SSLusers group works fine when I use the Cisco VPN client to connect (I enter the group name/password in the text boxes, when it connects it asks for the username/password).

In the logs it shows that it is checking for the user in the Internal server, I want to point it to my ACS box. I feel like there is a check box somewhere that I am missing that tells the concentrator 'if I can't find the user in my local database, check the external authentication server'.

Any advice on how to get the external authentication working with the WebVPN would be most appreciated. Thanks in advance.

Community Member

Re: WebVPN using External Authentication

I think I found it and seem to be on the right path now. Under System->General->Authentication you can specify group lookup. I'll post more once I have it completely working. Thanks.

Re: WebVPN using External Authentication


On the Base Group add the external server type (SDI, radius, NT) under IPSEC -> Authentication

The server IP will be declared on Configuration -> Servers -> Authentication

Please rate if this helped.



Community Member

Re: WebVPN using External Authentication

Thanks Daniel for the suggestion. I tried to add the above, but still received the same error. Is there an additional checkbox that needs to be marked for the base group to search the radius server?

Authentication rejected: Reason = User was not found

handle = 686, server = Internal, user = bobeldde, domain =

It appears to work ok if I login with 'bobeldde#ssl';where the ssl group is configured for Radius Authentication.

CreatePlease to create content