Configuring Cisco ASA to pull user accounts from AD

nealleslie (Level 1)

I'm trying to configure my Cisco ASA to authenticate with my AD instead of local accounts. I followed the instructions at http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c3c45.shtml and when I test the server in the AAA server group (which is my Windows AD server), I get a successful connection. However, when I log in to the SSL site for my Cisco VPN, it's still not accepting Active Directory logins, just local. Is there somewhere else I need to bind the AAA server groups? What else do I need to do?


6 Replies

nealleslie (Level 1)

I figured it out. It was the tunnel lock under the group policies; I hadn't selected the AD connection profile. It's working now. Thx

Hi Neal,

Great to hear that, 5 points for the answer. Now please mark the question as answered so future users can learn from this problem and answer.

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Got another question though... I noticed after I configured the Cisco clientless VPN to use AD accounts, the SSL VPN client (AnyConnect) was also trying to use AD accounts. Are the two interconnected? Is it possible to have SSL VPN (AnyConnect VPN) use local accounts and clientless use AD accounts?

Hello Neal,

No, they are not interconnected; both of them can have different authentication methods. You can set this in the tunnel group of each particular VPN protocol; there is going to be an authentication method option that you can set in there.

So you can run a local authentication database for the AnyConnect clients and an LDAP authentication for the SSL clientless users.

Regards,

Rate all the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

One of the things I noticed is that I had to create an alias for my connection profile to get the AD authentication profile. Not sure if the group lock was needed or not. But I notice when I create an alias for my clientless VPN, that alias also shows on my SSL VPN which I use local accounts for. The solution was to also create an alias on my local SSL VPN account. Thx

Hello Neal,

Glad to help

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC