Can you share the ASA

ken.livingston · ‎11-07-2014

I have taken over the IT work for a company that has a Cisco ASA 5505 in place for allowing off-site VPN access to their Windows network. They have a Windows Server 2000 domain currently. When I took over this network, I noticed that the VPN user names lined up with the user names on the Windows 2000 domain; however, recently I have added a new user to the domain and configured it exactly the same (on the Windows domain server) as another user. I cannot use this new user name to access the Cisco VPN.

I now have access to the Cisco ASA 5505 appliance but I don't have any users configured for VPN access. As far as I can tell, they are still able to access their VPN connections as they always have. But I am not able to add a new VPN user currently.

Can anyone give me any clues on what I am looking for to get a new VPN client setup on this ASA? In addition, we are in planning to update their server to Windows 2012 (or 2008 at the very least) and I will need to know how to get the clients moved over to the new server.

Any help is appreciated.

Ken Livingston

ken@comtextelecom.com

Marvin Rhoads · ‎11-07-2014

Can you share the ASA configuration?

You could have either external authentication to the Windows server as your AAA authentication method or local authentication that has the same usernames. In the case of the former, you could also have group membership as a condition of VPN access.

bberry · ‎12-16-2014

Ken,

My VPN access policies are based upon the users being in specific AD security groups. I do not have any specific users even defined on my ASA.

Brent

Cisco ASA 5505 VPN User account setup