Re: VPN client authentication againts Active Directory - Page 2

sroberts · ‎10-14-2005

Hi,

I need to know how to configure the VPN client to authenticate againts active directory for the VPN authentication.

We got the latest vpn client software with a ASA5510 running version 7.0

Can we do this without the IAS radius server?

Do you have an example of how to configure the ASA5510 for that?

Do we have to do something on the active directory to make it work

Thanks for any replies!!

baudhayan · ‎06-06-2007

VPN client software has nothing to do with VPN authentication. VPN authentication is handled at the point where VPN connection is terminated, in your case its ASA. As far as my knowledge goes, you don't require the IAS Server for authentication with ASA5510, as ASA has inbuilt support for Active Directory/LDAP/NTLM. If you select the Active Directory option you just need to specify the domain name & I don't recollect any further settings. Just tweak a bit & you will definitely be successful. Its pretty simple. In case you have any further doubts do revert back.

Thanks & Regards,

Baudhayan Lahiri

An IDEA can change ur life !!!!!

cquick11 · ‎08-14-2007

With that current setup, you can't restrict which users in your domain. Is there a way to restrict which users can be authorized to access the VPN?

ciscors · ‎10-22-2007

John, did you get authorization to work with this? Did the dial-in attribute help with allowing only certain users VPN access?

thank you

dirkmelvin · ‎05-11-2009

Did anyone ever officially answer this? I am in the same boat of trying to setup VPN access to authenticate through AD. I have it working great, but the only issue now is "how to restrict who can actually login to the VPN." I don't want everyone who has an AD account to be able to VPN in to the company. That is BEGGING for trouble. I want to be able to use AD to allow or deny the VPN login.

charlesdf22 · ‎06-22-2010

Did you ever get a response on how to get this working? Cisco's docs don't work and I'm in the same boat.