Yesterday I moved a company's remote-access VPN users from the local user database on their Cisco ASA to authenticating against Active Directory over LDAP. I really like this solution for several reasons: one password per user instead of two, logging of who logs in and out of the VPN, and so on. I used IAS on a Microsoft 2003 server. It's free and works great. There is some configuration on the Microsoft server, but I wanted to concentrate on the ASA configuration. I'll assume that you have remote access already set up on your ASA; I think I've covered it extensively already on this site. So here is what I did on the ASA for the integration with Active Directory.
! Define the LDAP server group first; the tunnel-group below references it
! and the ASA will not accept the reference until the group exists.
aaa-server LDAP_SRV_GRP protocol ldap
aaa-server LDAP_SRV_GRP (inside) host 192.168.1.2
 ! Port 389 is cleartext LDAP: the bind password and every user's VPN password
 ! cross the inside network unencrypted. Prefer "ldap-over-ssl enable" with "server-port 636".
 server-port 389
 ldap-base-dn dc=test,dc=com
 ! Search the whole tree under the base DN; the default scope (onelevel) misses users in sub-OUs.
 ldap-scope subtree
 ! Match the VPN username against the AD logon name.
 ldap-naming-attribute sAMAccountName
 ! Account the ASA binds with to look up users; use a dedicated, low-privilege account.
 ! The password is stored in the running config, so restrict who can view it.
 ldap-login-password ADpassword
 ldap-login-dn skillen@test.com
 server-type microsoft
tunnel-group testusergroup general-attributes
 address-pool remote-access-pool
 authentication-server-group LDAP_SRV_GRP
 default-group-policy testusergroup
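As an added check (example code written for this page, not from the original post or from Cisco), here is a small Python audit that parses an ASA config snippet the way the ASA prints it (sub-commands indented one space) and flags the two problems in the block above: the tunnel-group referencing the aaa-server group before it is defined, and cleartext LDAP on port 389. It also flags a missing bind DN (Active Directory refuses anonymous searches by default) and a missing `ldap-scope subtree` (the ASA default, onelevel, misses users in sub-OUs). The embedded configs are the post's own snippet plus a constructed hardened copy; the function names and finding texts are assumptions made for this example.

```python
"""Audit a Cisco ASA LDAP aaa-server configuration for common mistakes.

Added example, not from the original post.  SAMPLE_CONFIG is the post's own
snippet embedded as a constructed sample so the script runs offline;
HARDENED_CONFIG is a constructed corrected copy.  Function names and
finding texts are hypothetical.
"""
import re

SAMPLE_CONFIG = """\
tunnel-group testusergroup general-attributes
 address-pool remote-access-pool
 authentication-server-group LDAP_SRV_GRP
 default-group-policy testusergroup
aaa-server LDAP_SRV_GRP protocol ldap
aaa-server LDAP_SRV_GRP (inside) host 192.168.1.2
 server-port 389
 ldap-base-dn dc=test, dc=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password ADpassword
 ldap-login-dn skillen@test.com
 server-type microsoft
"""

HARDENED_CONFIG = """\
aaa-server LDAP_SRV_GRP protocol ldap
aaa-server LDAP_SRV_GRP (inside) host 192.168.1.2
 ldap-over-ssl enable
 server-port 636
 ldap-base-dn dc=test,dc=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password ADpassword
 ldap-login-dn skillen@test.com
 server-type microsoft
tunnel-group testusergroup general-attributes
 address-pool remote-access-pool
 authentication-server-group LDAP_SRV_GRP
 default-group-policy testusergroup
"""


def parse_config(config):
    """Split config text into (top-level command, [sub-commands]) in file order.

    Relies on the ASA convention of indenting sub-commands by one space.
    """
    blocks = []
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" ") and blocks:
            blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks


def audit_ldap(config):
    """Return a list of finding strings; an empty list means nothing was flagged."""
    findings = []
    defined_groups = set()
    for cmd, subs in parse_config(config):
        m = re.match(r"aaa-server (\S+) protocol (\S+)$", cmd)
        if m:
            defined_groups.add(m.group(1))
            continue
        if cmd.startswith("tunnel-group "):
            for sub in subs:
                m = re.match(r"authentication-server-group (\S+)", sub)
                if m and m.group(1) not in defined_groups:
                    findings.append(
                        f"{cmd}: aaa-server group {m.group(1)} is referenced "
                        "before it is defined; move the aaa-server lines first")
            continue
        m = re.match(r"aaa-server (\S+) \((\S+)\) host (\S+)", cmd)
        if not m:
            continue
        host = m.group(3)
        # "ldap-base-dn dc=test,dc=com" -> ("ldap-base-dn", "dc=test,dc=com")
        attrs = dict(s.partition(" ")[::2] for s in subs)
        if attrs.get("ldap-over-ssl") != "enable":
            findings.append(
                f"{host}: cleartext LDAP on port {attrs.get('server-port', '389')}; "
                "the bind password and every VPN user's password cross the network "
                "unencrypted; add 'ldap-over-ssl enable' and 'server-port 636'")
        if "ldap-login-dn" not in attrs:
            findings.append(
                f"{host}: no ldap-login-dn, so the ASA searches with an anonymous "
                "bind, which Active Directory refuses by default")
        elif "ldap-login-password" not in attrs:
            findings.append(f"{host}: ldap-login-dn set without ldap-login-password")
        if attrs.get("ldap-scope", "onelevel") != "subtree":
            findings.append(
                f"{host}: ldap-scope is onelevel (the default); users in sub-OUs "
                "under the base DN will not be found; add 'ldap-scope subtree'")
    return findings


if __name__ == "__main__":
    for name, cfg in (("post's config", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name}: {len(audit_ldap(cfg))} finding(s)")
        for f in audit_ldap(cfg):
            print("-", f)
```

Once the config is on the box, verify the bind from the ASA itself rather than from a VPN client: `test aaa-server authentication LDAP_SRV_GRP host 192.168.1.2 username <user> password <pw>` exercises the whole lookup-and-bind path, and `debug ldap 255` shows the search filter and the DN the ASA actually binds as when it fails.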