Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

3005 VPN - Active Directory Authentication

Hello,

I'm a novice admin for Cisco VPN 3005 concentrator. How do I setup a Active Directory authentication so that remote users are authenticated and login scripts are executed?

Can this be authenticated to Windows Server 2008 R2?

Client: XP SP2/SP3

Thanks

Kris

2 REPLIES
New Member

Re: 3005 VPN - Active Directory Authentication

New Member

Re: 3005 VPN - Active Directory Authentication

you can also use radius, i believe in server 2008 its called Network policy server.  You can have it answer back not only a yes or no, but the AD group

as well.  Lets say you wanted policies for 3 groups

Marketing

Sales

Domain admins

each of these would have a radius policy, and if someone was a member of marketing, NPS/IAS(if server 2003) would answer back with the group name, which would correspond with the group policy name in the 3005(they dont necessarily have to match, if you want marketing to be in a group on the 3005 called limited etc.  I do remember this was a tad tricky to configure on the 3005, but I had it working a while ago just like this, and was able to use one ipsec group but different policies based on the radius response.  I defined the policy groups(IP assignments, allowed subents etc) on the 3005.

913
Views
5
Helpful
2
Replies