08-17-2012 01:49 PM
I'm trying to configure my Cisco ASA to authenticate with my AD instead of local accounts. I followed the instructions at http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c3c45.shtml and when I test the server in the AAA server group (which is my Windows AD server), I get a successful connection. However, when I log in to the SSL site for my Cisco VPN, it's still not accepting Active Directory logins, just local. Is there somewhere else I need to bind the AAA server groups? What else do I need to do?
08-18-2012 01:43 PM
I figured it out. It was the tunnel lock under the group policies. I hadn't selected the AD connection profile. It's working now. Thx
08-18-2012 11:43 PM
Hi Neal,
Great to hear that, 5 points for the answer. Now please mark the question as answered so future users can learn from this problem and answer.
Regards,
08-19-2012 08:44 AM
Got another question though... I noticed after I configured the Cisco connectionless VPN to use AD accounts, the SSL VPN client (AnyConnect) was also trying to use AD accounts. Are the two interconnected? Is it possible to have SSL VPN (AnyConnect VPN) use local accounts and connectionless use AD accounts?
08-19-2012 10:33 AM
Hello Neal,
No, they are not interconnected. Both of them can have different authentication methods. You can set this in the tunnel group of each particular VPN protocol; there is going to be an authentication method option that you can set in there.
So you can run a local authentication database for the AnyConnect clients and LDAP authentication for the SSL clientless users.
Regards,
Rate all the helpful posts
08-20-2012 08:43 AM
One of the things I noticed is that I had to create an alias for my connect profile to get the AD authentication profile. Not sure if the group lock was needed or not. But I notice when I create an alias for my connectionless VPN that that alias also shows on my SSL VPN, which I use local accounts for. The solution was to also create an alias on my local SSL VPN account. Thx
08-20-2012 09:36 AM
Hello Neal,
Glad to help
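An added example, not part of the original thread and not Cisco tooling: a small Python audit that reads an ASA running-config excerpt and reports, for each connection profile (tunnel-group), which authentication server group it uses, which aliases it exposes on the login page, and whether its group policy is group-locked. The config excerpt and every name in it (PORTAL_AD, ANYCONNECT_LOCAL, AD_LDAP, GP_CLIENTLESS, GP_ANYCONNECT) are constructed; a tunnel-group with no `authentication-server-group` line is reported as LOCAL, the ASA default.

```python
# Constructed sample: one clientless profile on LDAP, one AnyConnect profile on LOCAL.
SAMPLE_CONFIG = """\
group-policy GP_CLIENTLESS attributes
 vpn-tunnel-protocol ssl-clientless
 group-lock value PORTAL_AD
tunnel-group PORTAL_AD type remote-access
tunnel-group PORTAL_AD general-attributes
 authentication-server-group AD_LDAP
 default-group-policy GP_CLIENTLESS
tunnel-group PORTAL_AD webvpn-attributes
 group-alias AD-Portal enable
tunnel-group ANYCONNECT_LOCAL type remote-access
tunnel-group ANYCONNECT_LOCAL general-attributes
 default-group-policy GP_ANYCONNECT
tunnel-group ANYCONNECT_LOCAL webvpn-attributes
 group-alias AnyConnect-Local enable
"""

def audit_profiles(config):
    """Return {tunnel-group: {auth, aliases, policy, locked_to}} from ASA config text."""
    profiles, locks, section = {}, {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line[0].isspace():  # a top-level command opens a new section
            section = tuple(words[:2]) if len(words) >= 3 else None
            if section and section[0] == "tunnel-group":
                profiles.setdefault(section[1], {"auth": "LOCAL", "aliases": [],
                                                 "policy": "DfltGrpPolicy"})
            continue
        if section is None:
            continue
        kind, name = section
        # Skip an optional "(interface)" token before the server group name.
        args = [w for w in words[1:] if not w.startswith("(")]
        if kind == "tunnel-group" and args:
            if words[0] == "authentication-server-group":
                profiles[name]["auth"] = args[0]
            elif words[0] == "default-group-policy":
                profiles[name]["policy"] = args[0]
            elif words[0] == "group-alias":
                profiles[name]["aliases"].append(args[0])
        elif kind == "group-policy" and words[:2] == ["group-lock", "value"] and len(words) > 2:
            locks[name] = words[2]
    for profile in profiles.values():  # resolve each profile's group-lock via its policy
        profile["locked_to"] = locks.get(profile["policy"])
    return profiles

if __name__ == "__main__":
    for name, info in audit_profiles(SAMPLE_CONFIG).items():
        print(name, info)
```

Running it against a real `show running-config` excerpt makes it easy to spot a profile that falls back to LOCAL unintentionally, or one that has no alias and so never appears in the login drop-down.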