Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
651
Views
0
Helpful
1
Replies

Domain field in Cisco VPN Client authentication against IAS/AD as AAA server

rga-rga-rga
Level 1
Level 1

‎12-11-2010 11:12 AM - edited ‎03-10-2019 05:38 PM

I have set up Cisco ASA 5505 8.0(3) to use RAIUS server

(Microsoft Internet Authentication Service with Active Directory)

to authenticate Cisco VPN Client users.

This is my config lines related to this setup:

aaa-server as_ias_group protocol radius
aaa-server as_ias_group host 192.168.1.1
 key *****
aaa-server as_ias_group host 192.168.1.2
 key *****

and

tunnel-group tg_ra_users type remote-access
tunnel-group tg_ra_users general-attributes
 address-pool ap_users
 authentication-server-group as_ias_group
 default-group-policy gp_users
 password-management password-expire-in-days 7
tunnel-group tg_ra_users ipsec-attributes
 pre-shared-key *****
tunnel-group tg_ra_users ppp-attributes
 no authentication pap
 no authentication chap
 no authentication ms-chap-v1
 authentication ms-chap-v2

Compared to previous setup where authentication against local ASA user database was used
and this dialog window was shown:

cisco-vpn-client-01.png

now when users try to connect using Cisco VPN Client they get dialog window

to enter Username, Password, and Domain:

cisco-vpn-client-02.png

Is there any way to get rid of the Domain field?

I plan to use UPNs (User Principal Name) for authentication
and Domain field would be confusing for my users...

Labels:
0 Helpful
1 Reply 1

Tarik Admani
VIP Alumni
VIP Alumni

‎12-14-2010 03:49 PM

Looks as if your question was answered here:

https://supportforums.cisco.com/message/3248729#3248729

0 Helpful
Customers Also Viewed These Support Documents