Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Authenticate VPN clients against AD

Hi All,

I have done in the past a configuration where the VPN clients get authenticated against a RADIUS server and uses the credentials from Active Directory.

Now, I need to configure the ASA to authenticate the VPN clients against AD directly. (There's no RADIUS server). Can I do that?

In other words, can I tell the ASA to talk directly to the AD and authenticate the VPN clients without any RADIUS or other server?

If so, is there's a link or configuration example?

Thank you!

1 REPLY

Re: Authenticate VPN clients against AD

Hey, ASA can do this by using either LDAP protocol or authenticate them, Kerberos or NT Domain protocols (the use of either one of these depends on your Windows AD version)

For instance for later Win platforms like 2000 and 2003 LDAP or Kerberos should work, for Old NT environments you can use NT Domain:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/aaa.html

192
Views
0
Helpful
1
Replies
CreatePlease to create content