Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
600
Views
0
Helpful
2
Replies

AAA Server Groups

THCox
Level 1
Level 1

‎01-11-2008 08:14 AM - edited ‎03-10-2019 03:35 PM

I am using an Asa 5520 for remote access VPN. We currently use local groups for authenticating users but i would like to use nt domain authentication. I have tested using nt domain authentication using one of our domain controllers but how do i control who is allowed to vpn with the dial in allow option within active directory. Is there a simple way with nt domain authentication or do i need to set it as ldap and so some sort of ldap attribute mapping. It would be great if ldap attribute mapping worked with nt domain authentication. Please help there must be loads of people with this set up.

Labels:
0 Helpful
2 Replies 2

srue
Level 7
Level 7

‎01-11-2008 09:50 AM

Are you using IAS as your RADIUS server?

if you are, you can restrict it according to AD groups. In this case, you just create a security group in AD and add the users you want to be allowed to use the VPN, and then assign the group to your remote access policy in IAS.

0 Helpful

THCox
Level 1
Level 1
In response to srue

‎01-12-2008 03:17 PM

Thanks srue.

No I know its possible with RADIUS but I would like to avoid having to set up an IAS (RADIUS) server.

I have managed to set up ISA 2006 in a test lab and it works perfectly for groups and controlling access but i am thinking an asa 5500 must be able to compete with that without having to use IAS (RADIUS)

I would love to know if anyone uses the NT Domain or LDAP option?

Does the RADIUS method work alright for large amounts of users or can it be slow? I might end up using it if its the most popluar method

0 Helpful
Customers Also Viewed These Support Documents