Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1710
Views
0
Helpful
3
Replies

AD Authentication for Client VPN

Go to solution
Vamsi Pinnaka
Level 1
Level 1

‎12-27-2011 03:19 AM - edited ‎03-10-2019 06:39 PM

Hi,

I am using Cisco 1812 as EZVPN server. I want to use Active directory for VPN user authentication. I am trying from couple of days but no success.

With ASA, i am able to authenticate against AD, but not with IOS router. Below are my configurations

aaa authentication login AD krb5

kerberos local-realm THECCIEGROUP.LOCAL

kerberos realm thecciegroup.local THECCIEGROUP.LOCAL

kerberos realm .thecciegroup.local THECCIEGROUP.LOCAL

kerberos server THECCIEGROUP.LOCAL 10.10.102.2

kerberos preauth encrypted-kerberos-timestamp

kerberos credentials forward

If kerberos authentication is not possible, I would like to know the possibility of using AD as ACS external database. I am running both AD and ACS in the same server. If i can integrate AD with ACS, i can use TACACS or RADIUS for the authentication.

Thanks&Regards,

Vamsi Pinnaka

Bangalore.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Nicolas Darchis
Cisco Employee
Cisco Employee

‎12-27-2011 04:47 AM

I can answer from the ACS side.

Yes you can integrate ACS with AD and then the switch uses ACS like a radius server. ACS checks AD through kerberos in the backend, transparently.

If you have ACS 4.x running on a Windows PC being a member server of the domain, the integration is automatically done actually.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Nicolas Darchis
Cisco Employee
Cisco Employee

‎12-27-2011 04:47 AM

I can answer from the ACS side.

Yes you can integrate ACS with AD and then the switch uses ACS like a radius server. ACS checks AD through kerberos in the backend, transparently.

If you have ACS 4.x running on a Windows PC being a member server of the domain, the integration is automatically done actually.

0 Helpful

Go to solution
Vamsi Pinnaka
Level 1
Level 1
In response to Nicolas Darchis

‎12-27-2011 05:05 AM

Thanks for your reply. Better i will go with ACS with AD. I can have better authorization features with TACACS...

I will do this and let you know.....

Thanks&Regards,

Vamsi Pinnaka

Bangalore

0 Helpful

Go to solution
Vamsi Pinnaka
Level 1
Level 1
In response to Vamsi Pinnaka

‎12-28-2011 10:04 PM

Working perfectly..... Successfully integrated AD with ACS external database..

Thanks&Regards

Vamsi Pinnaka

Bangalore

0 Helpful
Customers Also Viewed These Support Documents