Integrating Microsoft NAP with Cisco ASA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2013 05:07 AM - edited 03-10-2019 08:40 PM
Hello everyone,
I'm quite new to the Cisco world. I wonder if and how it is possible to marry Cisco ASA with Microsoft NAP (in Terms of VPN Enforcement). Does anybody know some helpful documents? Is an ACS Server/Appliance necessary?
Thanks in advance and kind regards
- Labels:
-
AAA

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2013 05:33 AM
No, you don't need acs if you want to integrate asa with nps for vpn and adminiterative (telnet/ssh) access. With Microsoft nps you just can't configure Tacacs related features like command authorization and command accounting. I will try to post a document/link for your reference.
Sent from Cisco Technical Support Android App
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2013 06:48 AM
Hello Jatin,
thanks so much for your fast reply.
What is with Microsoft NAP (Network Access Protection), does this also work (Here are some Client-Components involved like System Health Validators and so on)?
Kind regards

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2013 06:52 AM
You just need NPS (Network Policy server) to act as a radius server.
http://technet.microsoft.com/library/cc732912.aspx
~BR
Jatin Katyal
**Do rate helpful posts**

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2013 11:51 AM
Please post here if you have any further queries.
~BR
Jatin Katyal
**Do rate helpful posts**
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-24-2013 03:41 AM
Hello Jatin,
thanks for your reply.
Microsoft states that authentication via PEAP is necessary for NAP to work:
"One security feature of PEAP is the transmission of Statement of Health (SoH) messages."
However, I found this topic which states that PEAP auth. is not possible with the ASA: https://supportforums.cisco.com/thread/2028742
Is that true?
