Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Mapping to Microsoft servers

We are moving from a 3005 vpn concentrator to an ASA5510 VPN appliance. On the 3005 concentrator we are able to map drives to Microsoft server's without a problem. After logging in successfully on the ASA we attempt to map to the server's BUT we are prompted to login to get the mapped drive. Once we input the AD account and password, we get the mapped drive. We authenticate via Microsoft's IAS radius service. What am I missing?

Thanks

5 REPLIES
Community Member

Re: Mapping to Microsoft servers

I'm not an expert on the 3005... But it should have worked the same way as the ASA VPN does regarding Windows server authentication. Meaning that it's not involved for the most part. The ASA will authenticate the connection, but won't authenticate the connecting machine to any windows server. That's the job of the windows workstation and the windows server.

Normally if the machine is a domain machine, has cached user credentials, then it will authenticate to the destination server without prompting for credentials....

Community Member

Re: Mapping to Microsoft servers

I would have thought it would work the same way as the 3005 as well but it is not. The PC's that we have tested are part of the domain. I have tried secondary authentication via Kerbero's but I still get prompted for a login and password after radius authentication occurs.

Community Member

Re: Mapping to Microsoft servers

You need to setup Auto Sign On. Open your Group Policy, More Options, and ensure your inherit flags are off.

Add the subnets where your authentication servers reside (eg. 10.10.10.0) and it should work.

Cheers,

Brian

Community Member

Re: Mapping to Microsoft servers

B-Mcdonald,

Isn't auto sign on for Clientless SSL VPN? This problem is occurring with the Cisco IPSEC clients.

Community Member

Re: Mapping to Microsoft servers

Solution was to upgrade the ASA to version 8.0(4)32 and to add the AD DNS name to the split tunneling DNS name field.

138
Views
0
Helpful
5
Replies
CreatePlease to create content