New Member

Configuring Cisco ASA to pull user accounts from AD

I'm trying to configure my Cisco ASA to authenticate with my AD instead of local accounts. I followed the instructions at http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c3c45.shtml and when I test the server in the AAA server group (which is my Windows AD server), I get a successful connection. However, when I log in to the SSL site for my Cisco VPN, it's still not accepting Active Directory logins, just local. Is there somewhere else I need to bind the AAA server groups? What else do I need to do?

New Member


I figured it out. It was the tunnel lock under the group policies. I hadn't selected the AD connection profile. It's working now. Thx


Hi Neal,

Great to hear that. 5 points for the answer. Now please mark the question as answered so future users can learn from this problem and answer.

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member


Got another question though... I noticed after I configured the Cisco connectionless VPN to use AD accounts, the SSL VPN client (AnyConnect) was also trying to use AD accounts. Are the two interconnected? Is it possible to have SSL VPN (AnyConnect VPN) use local accounts and connectionless use AD accounts?


Hello Neal,

No, they are not interconnected. Both of them can have different authentication methods. You can set this in the tunnel group of each particular VPN protocol; there is going to be an authentication method option that you can set in there.

So you can run a local authentication database for the AnyConnect clients and an LDAP authentication for the SSL clientless users.

Regards,

Rate all the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
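The split described in the reply above, sketched as an added ASA configuration example; it is not part of the original thread or a Cisco-supplied config. All object names (AD_LDAP, GP_CLIENTLESS, GP_ANYCONNECT, CLIENTLESS_AD, ANYCONNECT_LOCAL), the interface name, the server address, the DNs and the aliases are placeholders assumed for illustration.

```cisco
! Constructed example: every name, address and DN below is a placeholder.
! Keywords as used on ASA 8.4 and later; older releases use different
! keywords for vpn-tunnel-protocol.
aaa-server AD_LDAP protocol ldap
aaa-server AD_LDAP (inside) host 192.0.2.10
 server-type microsoft
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,CN=Users,DC=example,DC=com
 ldap-login-password <bind-password>
 ! LDAPS keeps the bind and user passwords off the wire in cleartext;
 ! the AD server must have LDAPS enabled for this to work.
 ldap-over-ssl enable
!
group-policy GP_CLIENTLESS internal
group-policy GP_CLIENTLESS attributes
 vpn-tunnel-protocol ssl-clientless
group-policy GP_ANYCONNECT internal
group-policy GP_ANYCONNECT attributes
 vpn-tunnel-protocol ssl-client
!
! Clientless portal profile: users are checked against AD over LDAP
tunnel-group CLIENTLESS_AD type remote-access
tunnel-group CLIENTLESS_AD general-attributes
 authentication-server-group AD_LDAP
 default-group-policy GP_CLIENTLESS
tunnel-group CLIENTLESS_AD webvpn-attributes
 group-alias AD-Portal enable
!
! AnyConnect profile: users are checked against the ASA local database
tunnel-group ANYCONNECT_LOCAL type remote-access
tunnel-group ANYCONNECT_LOCAL general-attributes
 authentication-server-group LOCAL
 default-group-policy GP_ANYCONNECT
tunnel-group ANYCONNECT_LOCAL webvpn-attributes
 group-alias AnyConnect-Local enable
!
! Group lock: a user assigned one policy cannot log in through the other profile
group-policy GP_CLIENTLESS attributes
 group-lock value CLIENTLESS_AD
group-policy GP_ANYCONNECT attributes
 group-lock value ANYCONNECT_LOCAL
!
! Show the alias drop-down so the user picks the profile at login
webvpn
 tunnel-group-list enable
```

Each profile can be exercised separately with `test aaa-server authentication AD_LDAP host 192.0.2.10` for the AD side and a local-account login through the AnyConnect alias for the other.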
New Member


One of the things I noticed is that I had to create an alias for my connect profile to get the AD authentication profile. Not sure if the group lock was needed or not. But I notice when I create an alias for my connectionless VPN that that alias also shows on my SSL VPN, which I use local accounts for. The solution was to also create an alias on my local SSL VPN account. Thx


Hello Neal,

Glad to help

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC