
Accessing Active Directory files through SSL VPN

sahmad
Level 1

Hello,

We have been running a Barracuda VPN appliance and would like to start using Cisco's VPN (AnyConnect) options. I have set up everything and am able to connect through the AnyConnect VPN tunnel. My question is this: in Barracuda we used "Lan1 Client" to automatically map the Active Directory user drives, and those files show up in My Computer under those drives. What do we need to do to get those drives without having to join the domain using Cisco ASA?

I looked all over but haven't found any documents or discussion regarding this. I will greatly appreciate any feedback.


andrew.prince
Level 10

AnyConnect carries on the Cisco tradition of "SBL" ("Start Before Logon"): the user has to initiate the AnyConnect VPN before they log on and authenticate to the machine. SBL allows a VPN to be connected to the corporate environment - once connected, the user logs in like they were connected on the LAN, and all drives and services work as normal.

See the below link....

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809f0d75.shtml

I finished a project 3 months ago to roll this out for 5000+ users - it works very well.

Thanks Andrew. Just to clarify, does this method still require the remote client to join the domain? I didn't see this information.

Hi,

Yes - ideally the machine would already be part of the domain, and the user has their credentials cached on the machine. When logged into the SBL, the machine looks like it's locally connected on the LAN and the domain.

Hi Andrew,

Thank you. I have set it up; however, it is giving me this error when I try to use the SBL feature:

"AnyConnect cannot confirm it is connected to your secure gateway. The local network  may not be trustworthy. Please try another network."

It has something to do with the certificate but I haven't been able to fix it. Most of the solutions on the web are for Linux.

Hi,

You need to do 2 things:

1) Create a "persistent self-signed certificate in the ASA" - see below URL.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml

2) Once you have the cert, you need to install it in the laptop's "local machine certificate store".

The certificate cannot be installed in any other location, as the AnyConnect software needs to access the machine before anyone logs in.....
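
An added example, not part of the original replies: one way to carry out step 2 on a Windows laptop from an elevated PowerShell prompt, checking the exported certificate before trusting it machine-wide. The file path, the thumbprint placeholder and the choice of the Trusted Root store (`Cert:\LocalMachine\Root`) are assumptions, not values from the thread.

```powershell
#Requires -RunAsAdministrator
# Assumed inputs (placeholders, not from the thread):
$CertPath     = 'C:\Temp\asa-gateway.cer'            # certificate exported from the ASA
$ExpectedSha1 = '<THUMBPRINT-READ-ON-THE-ASA>'       # obtained out of band, e.g. on the ASA console
$Store        = 'Cert:\LocalMachine\Root'            # assumed store: machine-wide Trusted Root

# Load the file without installing it, so it can be inspected first.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)

# 1. The file must be the certificate the ASA actually presents.
#    Normalise the expected value (strip colons/spaces) before comparing.
$expected = ($ExpectedSha1 -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint), expected $expected"
}

# 2. A self-signed certificate has identical subject and issuer.
#    Anything else belongs to a CA chain and should not be trusted as a root here.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Not self-signed: subject '$($cert.Subject)', issuer '$($cert.Issuer)'"
}

# 3. Refuse certificates outside their validity window.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate not valid now (valid $($cert.NotBefore) to $($cert.NotAfter))"
}

# 4. Install into the machine store, not the per-user store, so the
#    certificate is available before any user has logged on.
Import-Certificate -FilePath $CertPath -CertStoreLocation $Store | Out-Null

# 5. Confirm the certificate is present in the machine store.
$installed = Get-ChildItem -Path $Store |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $installed) {
    throw "Import reported success but the certificate is not in $Store"
}
$installed | Format-List Subject, Thumbprint, NotAfter
```

Placing a self-signed certificate in the machine's Trusted Root store makes every user and service on that laptop trust it, which is why the thumbprint is compared with a value read directly from the ASA before the import.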
