11-28-2016 11:32 AM
I have a small business client that is currently set up with a Cisco ASA 5505 as their firewall/VPN device.
I'm in the process of migrating various things to a brand new Active Directory domain (Windows Server 2012 R2) that I've built; however, it will take some time to get everything migrated.
Currently they use local accounts on the ASA to authenticate their AnyConnect clients when connecting via VPN.
I want to set up RADIUS/VPN between the new AD domain and the ASA. I've got everything configured on the Windows side, and have the key, etc. set up on the ASA side as well.
So, to complete this, without disabling the current tunnel group/LOCAL authentication on the Cisco, I "think" I just need to create a completely new tunnel group? Am I right in thinking that this will give them an additional option in the AnyConnect "Group" box when they try to connect?
Just want to verify that this is:
11-28-2016 03:07 PM
With a new tunnel group and a new tunnel group policy you should be able to test authentication for the new profile with RADIUS/AD without any impact to the users on the existing profile.
HTH
Rick
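A sketch of the side-by-side setup discussed in this thread, added as an example and not taken from either poster's configuration. Every name (AD_RADIUS, AD-VPN, AD-VPN-POLICY, VPN_POOL), the interface name `inside`, the address 192.0.2.10, the key and the test credentials are placeholders.

```cisco
! Constructed example: every name, address and key below is a placeholder.
! The existing tunnel group that authenticates against LOCAL is not touched.

! 1. RADIUS server group pointing at the Windows RADIUS server
aaa-server AD_RADIUS protocol radius
aaa-server AD_RADIUS (inside) host 192.0.2.10
 key SHARED-SECRET-PLACEHOLDER

! 2. Separate group policy, so policy changes made while testing
!    do not alter what users of the existing profile receive
group-policy AD-VPN-POLICY internal

! 3. New tunnel group: reuses the client address pool, new auth source
tunnel-group AD-VPN type remote-access
tunnel-group AD-VPN general-attributes
 address-pool VPN_POOL
 authentication-server-group AD_RADIUS
 default-group-policy AD-VPN-POLICY

! 4. Publish it in the AnyConnect "Group" drop-down beside the existing entry
tunnel-group AD-VPN webvpn-attributes
 group-alias AD-VPN enable
webvpn
 tunnel-group-list enable

! 5. From privileged EXEC, check the RADIUS path before users try the group
test aaa-server authentication AD_RADIUS host 192.0.2.10 username TEST-USER password TEST-PASSWORD
```

Because the new group has its own name and alias, removing it later (`no tunnel-group AD-VPN`) rolls the test back without touching the LOCAL-authenticated group.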