cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3973
Views
0
Helpful
6
Replies

LDAP requirements for SSL-VPN on ASR 1002

dtochilovsky
Level 1
Level 1

Hello All,

I am planning to implement SSL-VPN (AnyConnect) on an ASR 1002 rputer running IOS-XE Software Version 15.1(3)S2.

I need to use LDAP for user authentication, and need to understand what are RADIUS/TACACS requirements to use LDAP.

Do I need to use Cisco ACS or can I use something like Microsoft IAS or Free Raduis?

Any helo will be greatly appreciated.

Thank you

Dmitry.

2 Accepted Solutions

Accepted Solutions

Jennifer Halim
Cisco Employee
Cisco Employee

Yes, you can use either use LDAP, Radius or Tacacs protocols to authenticate the SSL VPN users.

You can use any authentication server (doesn't need to be Cisco ACS), as long as they supports either of the 3 authentication protocols (ldap, radius or tacacs).

Hope that answers your question.

View solution in original post

6 Replies 6

Jennifer Halim
Cisco Employee
Cisco Employee

Yes, you can use either use LDAP, Radius or Tacacs protocols to authenticate the SSL VPN users.

You can use any authentication server (doesn't need to be Cisco ACS), as long as they supports either of the 3 authentication protocols (ldap, radius or tacacs).

Hope that answers your question.

Thank you Jennifer.

I came across the below configuration guide about SSL VPN on IOS and it states that LDAP is not supported on IOS SSL VPN's. Just wndering if this is in fact true or newer IOS version support LDAP.

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_sslvpn/configuration/15-1mt/sec-conn-sslvpn-ssl-vpn.pdf

     Features Not Supported on the Cisco IOS SSL VPN

     The following features are not supported on the Cisco IOS SSL VPN:

     • Lightweight Directory Access Protocol (LDAP) Support

Dmitry.

Actually, SSL VPN (AnyConnect) is not supported on ASR platform, only on IOS, not on IOS-XE.

I found some information on Flex VPN on the IOS-XE platfrom, how is that differenct from IPSEC VPN?

Thank you very much for the information Jennifer!

Dmitry.