ASA RA VPN with AD Authentication
Configuring an ASA for remote access VPN with
Windows 2003 Active Directory Authentication
December 21, 2010
Install Internet Authentication Services on a domain controller
Information for installing this service can be found on Microsoft’s Technet site at: http://technet.microsoft.com/en-us/library/cc781690%28WS.10%29.aspx
Launch the IAS MMC
Register the server in Active Directory
- Click Register and go through the wizard.
Install a new RADIUS client
Add name and address
- The name should be something easily recognizable, like Cisco ASA
- The address is the IP address of the inside interface
Name and address
Enter Shared Secret
- Click Next, and enter the RADIUS shared secret.
Added RADIUS client
- Click Finish, and review the newly added client.
Add remote access policy
Click Next
Add a policy name
Select VPN radio button
Add AD Group Name
- Users with VPN access will need to be added to this Active Directory group
Add authentication methods
- Select MS-CHAPv2 and MS-CHAP
Select Encryption Levels
- All encryption levels are selected by default
Finish the wizard
Verify RADIUS Ports
RADIUS Ports
Confirm authentication methods
- Edit the properties of the RADIUS client
Select unencrypted authentication
IAS Configuration Complete
- Now it is time to add the AAA configuration on the Cisco ASA
Configure ASA AAA
- The host is the address of the server where IAS was installed and registered
- The key is the shared secret
Verify AD authentication in ASA
- The IP address in the ‘test aaa’ command is the IAS server.
- The test account must be in the AD group added in the IAS policy.
All Done
- Hopefully, it is working for you.
- If not, check the event logs on the IAS server.
- Verify the shared secret password matches on the IAS server and the ASA.
- Verify the IAS service is running.
Courtesy of DirFlash