Single Sign-On solution with VPN3000 Client

engel
Level 2

Dear List members,

Does anyone know a solution for a Windows VPN client logon (NT, 2000, XP, Win98) to be able to log in to the VPN3000 Concentrator and at the same time authenticate to the Domain Controller?

I would appreciate any reply.

Best Regards,

Engel

1 Accepted Solution

Accepted Solutions

gfullage
Cisco Employee

You can't do this, there's no way the VPN3000 authentication can tie into the Windows NT login. Sorry.


7 Replies

What if you use a RADIUS server that is provided with Win2K? Will this authentication through RADIUS allow for single logon?

mostiguy
Level 6

If you log on to a non-locally connected NT/2K/XP Pro machine that is part of the domain, with a domain account and password, you should be able to log on with cached credentials. Then if you connect to the VPN, you should have immediate access to all network resources. This only allows people to log on who have previously logged onto the machine though, as it requires cached domain credentials to have been stored on the local box.

You can choose to have the VPN client start before the logon screen, but I have not found this to be a reliable solution, but I have not really tried it with the 4.0 client. In theory, this should allow anyone to log on.

I think cached credentials are still not the solution for "single sign on". For not so many users, the administrator can handle FAQs and troubleshoot a user's logon problem. For a big site, the load on the administrator to handle requests from users who cannot log on to the domain through the VPN tunnel will be a headache.

Best Regards,

Engel

cooper.dave
Level 1

I just saw your message...

We use Cisco Secure ACS and do just that!

May I know how you configure the VPN client (and the VPN Concentrator) and the ACS + Active Directory to do a "Single Sign On"-like solution?

I would appreciate any insight.

Regards,

I'll try.

The local group defined on the 3005 is type=external, which has the ACS server as its authentication server. This acts as my group "pre-shared" secret... I am using RADIUS between the 3005 and the ACS server. The ACS server then points to the AD server, and the user logs in as DOMAIN\username. The ACS server definition is Password Auth=external Win2K, group assigned is External auth. This is done after you connect to the AD and select which object you map to for allow. We use 2 things: must be a member of VPNGroup, and the check box of allow dial-in remote...

Does that help?
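
The two conditions in the reply above (membership of VPNGroup plus the dial-in permission) can be audited from a directory export; the following is an added example, not code from any poster or from Cisco. It assumes an LDIF export of user objects carrying the standard AD attributes `sAMAccountName`, `memberOf` and `msNPAllowDialin`; the group DN and every sample entry are constructed.

```python
# Added example; the group DN and all sample entries are constructed.
VPN_GROUP_DN = "CN=VPNGroup,OU=Groups,DC=example,DC=com"
SAMPLE_LDIF = """\
dn: CN=Alice,OU=Staff,DC=example,DC=com
sAMAccountName: alice
memberOf: CN=VPNGroup,OU=Groups,DC=example,DC=com
msNPAllowDialin: TRUE

dn: CN=Bob,OU=Staff,DC=example,DC=com
sAMAccountName: bob
memberOf: CN=VPNGroup,OU=Groups,
 DC=example,DC=com
msNPAllowDialin: FALSE

dn: CN=Carol,OU=Staff,DC=example,DC=com
sAMAccountName: carol
memberOf: CN=Finance,OU=Groups,DC=example,DC=com
msNPAllowDialin: TRUE

dn: CN=Dave,OU=Staff,DC=example,DC=com
sAMAccountName: dave
memberOf: cn=vpngroup,ou=groups,dc=example,dc=com
"""

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per entry; comments and base64 values are skipped."""
    unfolded = text.replace("\n ", "")  # RFC 2849: a leading space continues the previous line
    for block in unfolded.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(": ")
            if sep and not line.startswith("#") and not attr.endswith(":"):
                entry.setdefault(attr.lower(), []).append(value)
        yield entry

def audit(text, group_dn=VPN_GROUP_DN):
    """Classify accounts by the two conditions: VPNGroup member and dial-in allowed."""
    report = {"allowed": [], "group_only": [], "dialin_only": []}
    for e in parse_ldif(text):
        name = e.get("samaccountname", ["?"])[0]
        in_group = group_dn.lower() in (g.lower() for g in e.get("memberof", []))
        # Assumption: only an explicit TRUE counts; unset or FALSE is treated as not granted.
        dialin = e.get("msnpallowdialin", [""])[0].upper() == "TRUE"
        key = {(True, True): "allowed", (True, False): "group_only",
               (False, True): "dialin_only"}.get((in_group, dialin))
        if key:
            report[key].append(name)
    return report

if __name__ == "__main__": print(audit(SAMPLE_LDIF))
```

`group_only` accounts are users who would fail the second check, and `dialin_only` accounts hold a remote-access permission with no matching group membership, which is worth reviewing. `memberOf` lists direct memberships only, so nested groups and the primary group are not resolved here.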
