
Integrating Microsoft NAP with Cisco ASA

Sleepw4lker
Level 1

Hello everyone,

I'm quite new to the Cisco world. I wonder if and how it is possible to marry Cisco ASA with Microsoft NAP (in terms of VPN enforcement). Does anybody know of some helpful documents? Is an ACS server/appliance necessary?

Thanks in advance and kind regards


Jatin Katyal
Cisco Employee

No, you don't need ACS if you want to integrate the ASA with NPS for VPN and administrative (telnet/SSH) access. With Microsoft NPS you just can't configure TACACS-related features like command authorization and command accounting. I will try to post a document/link for your reference.


Sent from Cisco Technical Support Android App

~Jatin

Hello Jatin,

Thanks so much for your fast reply.

What about Microsoft NAP (Network Access Protection)? Does this also work (there are some client components involved, like System Health Validators and so on)?

Kind regards

You just need NPS (Network Policy Server) to act as a RADIUS server.

http://technet.microsoft.com/library/cc732912.aspx

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Please post here if you have any further queries.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Hello Jatin,

Thanks for your reply.

Microsoft states that authentication via PEAP is necessary for NAP to work:

"One security feature of PEAP is the transmission of Statement of Health (SoH) messages."

(see http://blogs.msdn.com/b/openspecification/archive/2009/06/05/peap-phase-2-encapsulation-examples-for-a-client-authenticating-with-ms-chapv2.aspx?Redirected=true)

However, I found this topic which states that PEAP auth. is not possible with the ASA: https://supportforums.cisco.com/thread/2028742

Is that true?