VPN账号管理问题

seasonli72658 · ‎03-04-2020

我现在搭建了FreeRadius+Daloradius Web管理的服务，想用他来管理remoter vpn账号的开立，和有效期的控制，但是搭建完发现不知道怎么和cisco防火墙5515集成一起用，我在

FreeRadius的系统中开立账号后，用户就可以用这个账户来登录VPN了，这样可以实现吗。

Rockyw · ‎03-09-2020

楼主看看下面的文档有没有帮助
ASA VPN User Authentication against Windows 2008 NPS Server (Active Directory) with RADIUS Configuration Example
https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/117641-config-asa-00.html

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rockyw | If it solves your problem, please mark as answer. Thanks !

Rockyw · ‎03-09-2020

下面这一篇也可以看看
Chapter: Configuring RADIUS Servers for AAA
https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/aaa_radius.html

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rockyw | If it solves your problem, please mark as answer. Thanks !

Wubin2010 · ‎03-09-2020

做AAA呗，FW上指个radius server，用户名密码从radius上取就行了，比较容易实现的

seasonli72658 · ‎03-09-2020

本帖最后由 seasonli72658 于 2020-3-10 13:38 编辑

Wubin2010 发表于 2020-3-10 13:15
做AAA呗，FW上指个radius server，用户名密码从radius上取就行了，比较容易实现的

这个是不是只能做网络的准入呢，不能vpn的认证

seasonli72658 · ‎03-09-2020

Rocky 发表于 2020-3-9 23:48
下面这一篇也可以看看
Chapter: Configuring RADIUS Servers for AAA
https://www.cisco.com/c/en/us/td/ ...

这个好像是只能做网络的准入，不能做VPN的认证

cisco.feng · ‎03-10-2020

seasonli72658 发表于 2020-3-10 13:37
这个好像是只能做网络的准入，不能做VPN的认证

Rockyw · ‎03-10-2020

ASA 8.0: Configure RADIUS Authentication for WebVPN Users
https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98594-configure-radius-authentication.html
这一篇看看有没有用
Cisco ASA VPN with RADIUS auth, locking usernames to a specific vpn group-policy
https://arstechnica.com/civis/viewtopic.php?t=1109137
这一篇有个ASA 5510 8.2+RADIUS Server (Freeradius + MySQL)例子可以参考一下。

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rockyw | If it solves your problem, please mark as answer. Thanks !