ASA to IAS RADIUS authentication

m.egan
Level 1

I've got VPN client authentication working with an ASA running version 8.03 to an MS 2003 IAS server using the following link: http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml

However, with this configuration any domain user can VPN in. How can I limit VPN access based on a Windows group?

2 Replies

francisco_1
Level 7

You can set up a policy under the IAS console to permit only users who are members of an Active Directory group to have VPN access. Under the new policy, you can set up attributes so that access is restricted to members of the AD group only.

To define a remote access policy, from the IAS console, right-click Remote Access Policies and click New Remote Access Policy.

In the New Remote Access Policy Wizard, select Set up a custom policy and type a policy name. Click Next.

Under the Policy Conditions box, click Add and then select the Windows-Groups attribute type.

Select the Active Directory user group whose access you want to restrict OR allow access. A summary of conditions to match for this policy is shown. You may add additional groups, but users must be a member of all the groups to be granted access. Click Next.

Select Grant or Deny remote access permission based on the group in AD and click Next.

(Optional) Click Edit Profile to edit the dial-in properties for the remote access profile. This is where Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP) authentication and VSAs are enabled. Click the Authentication tab and clear the Microsoft Encrypted Authentication check boxes. Select the Encrypted authentication (CHAP) and Unencrypted authentication (PAP, SPAP) check boxes.

You can get some ideas from this link: http://support.citrix.com/article/CTX109039

Please rate if this helped.
