Yesterday I moved a company's remote-access VPN users from the local user database on their Cisco ASA to LDAP authentication against Active Directory. I really like this solution for several reasons: one password per user instead of two, logging of who logs in and out of the VPN, and so on. I used IAS on a Microsoft 2003 server. It's free and works great. There is some configuration on the Microsoft server, but I wanted to concentrate on the ASA configuration. I'll assume that you already have remote access set up on your ASA; I think I've covered it extensively already on this site. So here is what I did on the ASA for the integration with Active Directory.
aaa-server LDAP_SRV_GRP protocol ldap
aaa-server LDAP_SRV_GRP (inside) host 192.168.1.2
 server-port 389
 ldap-base-dn dc=test,dc=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password ADpassword
 ldap-login-dn skillen@test.com
 server-type microsoft
tunnel-group testusergroup general-attributes
 address-pool remote-access-pool
 authentication-server-group LDAP_SRV_GRP
 default-group-policy testusergroup

A few notes on the snippet. Define the aaa-server group before the tunnel-group that references it in authentication-server-group, otherwise the ASA rejects the tunnel-group line. ADpassword and skillen@test.com are placeholders: the ldap-login-dn account only needs read access to the directory, so use a dedicated low-privilege account rather than a domain admin. As shown, with server-port 389 and no ldap-over-ssl, the ASA does simple binds in cleartext, which exposes the login DN's password and every VPN user's password on the wire between the ASA and the domain controller; on a production network add "ldap-over-ssl enable" and "server-port 636" under the host entry (the DC needs a certificate for LDAPS). Once the config is in, check the bind and user lookup from the ASA before touching the tunnel-group with "test aaa-server authentication LDAP_SRV_GRP host 192.168.1.2 username <user> password <password>".
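As an added example that is not part of the original post, here is a small Python script that parses the aaa-server and tunnel-group lines above and flags the two things that bite in practice: a tunnel-group whose authentication-server-group names a group that was never defined, and an LDAP host reached on port 389 without ldap-over-ssl. The configs embedded in it are constructed copies of the snippet above with the same placeholder values; the hardened variant (ldap-over-ssl enable on port 636) and the misspelled group name LDAP_SRV_GROUP are assumptions added for illustration.

```python
"""Offline audit of a Cisco ASA LDAP/AAA snippet (added example, not the blog's own tooling)."""
from __future__ import annotations

# Sub-mode commands recognised under 'aaa-server ... host' and 'tunnel-group ... general-attributes'.
HOST_SUBCMDS = {"server-port", "ldap-over-ssl", "ldap-base-dn", "ldap-scope",
                "ldap-naming-attribute", "ldap-login-password", "ldap-login-dn", "server-type"}
TG_SUBCMDS = {"address-pool", "authentication-server-group", "default-group-policy"}


def parse_asa(config: str) -> dict:
    """Parse the aaa-server and tunnel-group parts of an ASA config.

    Sub-mode lines are matched by keyword, not indentation, so a flat paste like the
    blog's parses the same way as 'show running-config' output.
    """
    aaa: dict = {}            # group name -> {"protocol": str|None, "hosts": [host dicts]}
    tunnel_groups: dict = {}  # tunnel-group name -> {"auth_group", "pool", "policy"}
    current = None            # host or tunnel-group dict that sub-mode lines apply to
    for raw in config.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0] in ("!", ":"):
            continue
        cmd = tokens[0]
        if cmd == "aaa-server" and len(tokens) >= 4 and tokens[2] == "protocol":
            aaa.setdefault(tokens[1], {"protocol": None, "hosts": []})["protocol"] = tokens[3]
            current = None
        elif cmd == "aaa-server" and "host" in tokens:
            host = {"host": tokens[tokens.index("host") + 1], "port": None, "over_ssl": False,
                    "login_dn": None, "password": None, "server_type": None}
            aaa.setdefault(tokens[1], {"protocol": None, "hosts": []})["hosts"].append(host)
            current = host
        elif cmd == "tunnel-group" and len(tokens) >= 3 and tokens[2] == "general-attributes":
            current = tunnel_groups.setdefault(tokens[1], {"auth_group": None, "pool": None, "policy": None})
        elif cmd in HOST_SUBCMDS and current is not None and "host" in current:
            if cmd == "server-port":
                current["port"] = int(tokens[1])
            elif cmd == "ldap-over-ssl":
                current["over_ssl"] = len(tokens) > 1 and tokens[1] == "enable"
            elif cmd == "ldap-login-dn":
                current["login_dn"] = " ".join(tokens[1:])
            elif cmd == "ldap-login-password":
                current["password"] = tokens[1] if len(tokens) > 1 else None
            elif cmd == "server-type":
                current["server_type"] = tokens[1] if len(tokens) > 1 else None
        elif cmd in TG_SUBCMDS and current is not None and "auth_group" in current:
            args = [t for t in tokens[1:] if not t.startswith("(")]  # drop the optional (interface)
            key = {"authentication-server-group": "auth_group", "address-pool": "pool",
                   "default-group-policy": "policy"}[cmd]
            current[key] = args[0] if args else None
    return {"aaa": aaa, "tunnel_groups": tunnel_groups}


def audit(config: str) -> list:
    """Return human-readable findings; an empty list means the checks passed."""
    cfg = parse_asa(config)
    findings = []
    for name, tg in cfg["tunnel_groups"].items():
        group = tg["auth_group"]
        if group is None:
            findings.append(f"tunnel-group {name}: no authentication-server-group, so users are checked against LOCAL only")
        elif group != "LOCAL" and group not in cfg["aaa"]:
            findings.append(f"tunnel-group {name}: authentication-server-group {group} is not a defined aaa-server group")
    for group, data in cfg["aaa"].items():
        if data["protocol"] != "ldap":
            continue
        for h in data["hosts"]:
            tag = f"aaa-server {group} host {h['host']}"
            if not h["over_ssl"]:
                findings.append(f"{tag}: simple bind on port {h['port'] or 389} sends the ldap-login-dn password "
                                "and every VPN user's password in cleartext; add 'ldap-over-ssl enable' and 'server-port 636'")
            elif h["port"] == 389:
                findings.append(f"{tag}: ldap-over-ssl is enabled but server-port is 389; LDAPS normally uses 636")
            if h["login_dn"] and not h["password"]:
                findings.append(f"{tag}: ldap-login-dn is set without ldap-login-password, so the search bind cannot succeed")
    return findings


# Constructed sample: the blog's snippet as a flat paste, LDAP on 389 with no TLS, placeholders kept.
WEAK_CONFIG = """\
aaa-server LDAP_SRV_GRP protocol ldap
aaa-server LDAP_SRV_GRP (inside) host 192.168.1.2
server-port 389
ldap-base-dn dc=test,dc=com
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password ADpassword
ldap-login-dn skillen@test.com
server-type microsoft
tunnel-group testusergroup general-attributes
address-pool remote-access-pool
authentication-server-group LDAP_SRV_GRP
default-group-policy testusergroup
"""
# Constructed variants (assumptions for illustration): LDAPS on 636, and a typo in the referenced group name.
HARDENED_CONFIG = WEAK_CONFIG.replace("server-port 389", "server-port 636\n ldap-over-ssl enable")
DANGLING_CONFIG = WEAK_CONFIG.replace("authentication-server-group LDAP_SRV_GRP",
                                      "authentication-server-group LDAP_SRV_GROUP")

if __name__ == "__main__":
    for label, cfg in (("as posted", WEAK_CONFIG), ("hardened", HARDENED_CONFIG), ("dangling group", DANGLING_CONFIG)):
        print(f"[{label}]")
        for finding in audit(cfg) or ["no findings"]:
            print("  -", finding)
```

Run it against a saved "show running-config" instead of the embedded samples by reading the file into audit(); the parser ignores the "!" and ":" comment lines the ASA emits. It deliberately matches sub-mode commands by keyword so it does not care whether the paste was indented.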
This is the White Rhino Security blog, an IT technical blog about configs and topics related to the Network and Security Engineer working with Cisco, Brocade, Check Point, and Palo Alto and Sonicwall. I hope this blog serves you well. -- May The Lord bless you and keep you. May He shine His face upon you, and bring you peace.