Re: Mapping to Microsoft servers

thomas.green · ‎10-24-2009

We are moving from a 3005 vpn concentrator to an ASA5510 VPN appliance. On the 3005 concentrator we are able to map drives to Microsoft server's without a problem. After logging in successfully on the ASA we attempt to map to the server's BUT we are prompted to login to get the mapped drive. Once we input the AD account and password, we get the mapped drive. We authenticate via Microsoft's IAS radius service. What am I missing?

Thanks

cmcbride · ‎10-26-2009

I'm not an expert on the 3005... But it should have worked the same way as the ASA VPN does regarding Windows server authentication. Meaning that it's not involved for the most part. The ASA will authenticate the connection, but won't authenticate the connecting machine to any windows server. That's the job of the windows workstation and the windows server.

Normally if the machine is a domain machine, has cached user credentials, then it will authenticate to the destination server without prompting for credentials....

thomas.green · ‎10-26-2009

I would have thought it would work the same way as the 3005 as well but it is not. The PC's that we have tested are part of the domain. I have tried secondary authentication via Kerbero's but I still get prompted for a login and password after radius authentication occurs.

b-mcdonald · ‎10-28-2009

You need to setup Auto Sign On. Open your Group Policy, More Options, and ensure your inherit flags are off.

Add the subnets where your authentication servers reside (eg. 10.10.10.0) and it should work.

Cheers,

Brian

thomas.green · ‎10-28-2009

B-Mcdonald,

Isn't auto sign on for Clientless SSL VPN? This problem is occurring with the Cisco IPSEC clients.

thomas.green · ‎11-14-2009

Solution was to upgrade the ASA to version 8.0(4)32 and to add the AD DNS name to the split tunneling DNS name field.