VPN Radius Authentication

Dan Loring · ‎08-30-2012

We are in the process of upgrading our AD to 2008. So we are building a new Schema Master Grand Pooba AD server with a new IP address, the old address will be demoted. Unfortunately we have our AAA Server Group using radius to authenticate off this old server for our VPN users. I went to Configuration > Remote Access VPN > AAA/Local Users > AAA Server Groups > AuthInBound on the ASA5510 ASDM ver(6.4(9)) and went to add our new AD Server as the AAA server for VPN and it is asking for a server secret key and Common password?? Anyone know where we go to generate this server secret key and a common password??

Thanks,

Dan

Julio Carvajal · ‎08-30-2012

Hello Dan,

You need to add the radius client to the IAS ( Internet Authentication Sevice)

Add a client to your radius – In the IAS MMC, right-click on the “Radius Clients” branch and choose “New Radius Client” Enter the Display anem and IP address of the device, click next. Change the Vendor to “Cisco” and enter your shared secret (keep a note of this for later)

This link might help you:

http://briandesmond.com/blog/how-to-authenticate-against-active-directory-from-cisco-ios/

Regards,

Remember to rate all the helpful posts, that is as important as a thanks

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC