Configuring an ASA for remote access VPN with Windows 2003 Active Directory Authentication
December 21, 2010
Install Internet Authentication Services on a domain controller
Information for installing this service can be found on Microsoft’s Technet site at: http://technet.microsoft.com/en-us/library/cc781690%28WS.10%29.aspx
Launch the IAS MMC
Register the server in Active Directory
- Click on register and go through the wizard.
Install a new RADIUS client
Add name and address
- The name should be something easily recognizable like Cisco ASA
- The address is the IP address of the inside interface
Name and address
Enter Shared Secret
- Click next, and enter the RADIUS shared secret.
Added RADIUS client
- Click finish, and review the newly added client.
Add remote access policy
Click Next
Add a policy name
Select VPN radio button
Add AD Group Name
- Users with VPN access will need to be added into this Active Directory group
Add authentication methods
- Select MS-CHAPv2, and MS-CHAP
Select Encryption Levels
- All encryption levels selected by default
Finish the wizard
Verify RADIUS Ports
RADIUS Ports
Confirm authentication methods
- Edit the properties of the RADIUS client
Select unencrypted authentication
IAS Configuration Complete
- Now, time to add the AAA configuration in the Cisco ASA
Configure ASA AAA
- The host is the address of the server where IAS was installed and registered
- The key is the shared secret
Verify AD authentication in ASA
- The IP address in the ‘test aaa’ command is the IAS server.
- The test account must be in the AD group added in the IAS policy.
All Done
- Hopefully, it is working for you.
- If not, check the event logs on the IAS server.
- Verify the shared secret password matches on the IAS server and the ASA.
- Verify the IAS service is running.
Courtesy of DirFlash