We have a SA 520 appliance and it has worked perfectly until recently. We can no longer log in using the accounts from the Active Directory. I can log in using the local admin account but not the AD accounts. Any thoughts? Or more details needed? Thanks
I don't know your current config, so let me explain how to set up the ADS connection from scratch.
Please double check and let me know if something is wrong or missing within your config.
1. Create a SSL-VPN Portal
VPN – SSL VPN Server – Portal Layouts ---> ADD
(Type something within and make sure you select SSLVPN* as the default site)
2. Assign the portal to the ADS
Administration - Users - Domains ---> ADD
Now it is important that you know what kind of roles your domain controllers have. If you have only one, then everything is fine. If you have more than one, you need to find which one provides the RID MASTER ROLE.
If you know this server DON'T USE THE NAME - use the IP ADDRESS of this server.
Now assign the portal to the domain, fill in the IP address of your responsible DC and in the last line type your FQDN for the active directory domain. As authentication you have to choose Active Directory.
Administration - Users - Users
Not everybody within the ADS is automatically allowed to use VPN. You need to create the user who is allowed to use SSL-VPN. I don't know why CISCO will not provide an option to solve this via an ADS group, but it seems the SMB market will be ignored.
Now choose a user from the ADS. What matters is the login name, first name and last name.
When you create a user within the SA5xx and choose ADS authentication, this will be a pass-through authentication. You can create a user but you are not able to assign a password.
The next problem is the option "AUTHENTICATION SERVER". I don't know who is responsible for the manual of the SA5xx, but from my point of view it is essential information to use the IP instead of the FQDN of the server. And if you choose a domain controller, make sure that this domain controller has the role which is responsible for authentication.
If you have done all these steps it must work! BUT - you need to choose the right portal to log in! ;-)
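The answer above relies on knowing which domain controller holds the RID master role and on entering its IP address rather than its name. The following is an added example, not part of the original posts: it assumes a domain-joined Windows host with the RSAT ActiveDirectory module, and the ports it probes (88 and 389) are an assumption, because the thread does not say which protocol the SA5xx uses towards the DC.

```powershell
# Added example: collect the values the SA5xx domain entry asks for.
# Assumes a domain-joined Windows host with the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Get-RidMasterInfo {
    $domain    = Get-ADDomain
    $ridMaster = $domain.RIDMaster   # FQDN of the DC holding the RID master role

    # The appliance should be given the IP address, not the name, so resolve it.
    $ips = Resolve-DnsName -Name $ridMaster -Type A -ErrorAction Stop |
        Where-Object { $_.Type -eq 'A' } |        # ignore CNAME records in the answer
        Select-Object -ExpandProperty IPAddress

    [pscustomobject]@{
        DomainFqdn  = $domain.DNSRoot              # FQDN of the AD domain
        RidMaster   = $ridMaster
        IPv4Address = $ips
        AllDCs      = $domain.ReplicaDirectoryServers
    }
}

function Test-DcReachability {
    param(
        [Parameter(Mandatory)] [string[]] $Address,
        # Assumption: Kerberos (88) and LDAP (389); the thread does not name
        # the protocol the appliance uses for AD authentication.
        [int[]] $Port = @(88, 389)
    )
    foreach ($ip in $Address) {
        foreach ($p in $Port) {
            $r = Test-NetConnection -ComputerName $ip -Port $p -WarningAction SilentlyContinue
            [pscustomobject]@{ Address = $ip; Port = $p; Open = $r.TcpTestSucceeded }
        }
    }
}

$info = Get-RidMasterInfo
$info | Format-List
Test-DcReachability -Address $info.IPv4Address | Format-Table
```

Compare the reported IPv4Address and DomainFqdn with what is stored in the appliance's domain entry. The reachability test runs from the Windows host, not from the SA 520, so it only confirms that the DC itself is answering.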