Accessing Active Directory files through SSL VPN

Hello,

We have been running a Barracuda VPN appliance and would like to start using Cisco's VPN (AnyConnect) options. I have set up everything and am able to connect through the AnyConnect VPN tunnel. My question is this: in Barracuda we used "Lan1 Client" to automatically map the Active Directory user drives, and those files show up in My Computer under those drives. What do we need to do to get those drives without having to join the domain using Cisco ASA?

I have looked all over but haven't found any documents or discussion regarding this. I will greatly appreciate any feedback.

5 REPLIES

AnyConnect carries on the Cisco tradition of "SBL" ("Start Before Logon"): the user has to initiate the AnyConnect VPN before they log on and authenticate to the machine. SBL allows a VPN to be connected to the corporate environment - once connected, the user logs in as if they were connected on the LAN, and all drives and services work as normal.

See the link below.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809f0d75.shtml

I finished a project 3 months ago to roll this out for 5000+ users - it works very well.

Thanks Andrew. Just to clarify, does this method still require the remote client to join the domain? I didn't see this information.

Hi,

Yes - ideally the machine would already be part of the domain, and the user has their credentials cached on the machine. When logged in through SBL, the machine looks like it's locally connected on the LAN and the domain.

Hi Andrew,

Thank you. I have set it up; however, it is giving me this error when I try to use the SBL feature:

"AnyConnect cannot confirm it is connected to your secure gateway. The local network  may not be trustworthy. Please try another network."

It has something to do with the certificate but I haven't been able to fix it. Most of the solutions on the web are for Linux.

Hi,

You need to do 2 things:

1) Create a "persistent self-signed certificate in the ASA" - see the URL below.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml

2) Once you have the cert, you need to install it in the laptop's "local machine certificate store".

The certificate cannot be installed in any other location, as the AnyConnect software needs to access the machine before anyone logs in.
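
The install step from the last reply, as an added PowerShell example that is not part of the original thread. It assumes the ASA certificate was exported to a hypothetical path `C:\Temp\asa-gateway.cer`, that the Trusted Root store is the right target because the certificate is self-signed, and that you recorded the certificate's SHA-1 thumbprint when you generated it.

```powershell
#Requires -RunAsAdministrator
# Added example: install the ASA's self-signed certificate machine-wide so it
# is available before any user logs on (Start Before Logon).
param(
    [string]$CertPath = 'C:\Temp\asa-gateway.cer',      # hypothetical export path
    [Parameter(Mandatory)][string]$ExpectedThumbprint,  # recorded out of band
    [string]$Store = 'Cert:\LocalMachine\Root'          # assumed target store
)

# Load the file without installing it, so it can be checked first.
$path = (Resolve-Path $CertPath).Path
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path)

# Trusting a self-signed certificate as a root is a strong trust decision:
# refuse anything whose thumbprint differs from the one recorded on the ASA.
$want = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $want) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint), expected $want"
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate expired on $($cert.NotAfter)"
}

# Install into the machine store, not the per-user store.
Import-Certificate -FilePath $path -CertStoreLocation $Store | Out-Null

# Confirm the certificate is really in the machine store.
$installed = Get-ChildItem $Store | Where-Object Thumbprint -eq $cert.Thumbprint
if (-not $installed) {
    throw "Certificate not found in $Store after import"
}

# A copy that exists only in a user's store is not readable before logon,
# so flag one left over from an earlier double-click install.
$userCopy = Get-ChildItem Cert:\CurrentUser\Root |
    Where-Object Thumbprint -eq $cert.Thumbprint
if ($userCopy) {
    Write-Warning 'A per-user copy also exists; SBL uses only the machine store.'
}

$installed | Select-Object Subject, Thumbprint, NotAfter
```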
