Help - Setting Up Authentication via Active Directory (Group Membership) for IPSEC and WebVPN Client

Discussion in 'Cisco' started by webspider, Nov 4, 2004.

  1. webspider

    webspider Guest

    I was finally able to setup Authentication for IPSEC clients From
    Active Directory (Group Membership). I had to do it via ACS (RADIUS).
    It seem so complicated for a "common task": i.e. Allow a user to
    authenticate to a VPN3K if they belong to a certain Active Directory
    Group.

    Questions: 1) Has anyone else set this up ?
    2) Also , I would like to use the same Authentication
    method for WebVPN users. It looks like I will need to setup another
    internal group on the VPN3K , and more logic via ACS


    Any thoughts would be appreciated.

    Thanks,
    David
     
    webspider, Nov 4, 2004
    #1
    1. Advertisements

  2. webspider

    juniperr Guest

    Yes I have done this and you could have just used IAS (RADIUS) which comes with
    windows 2003 and 2000 server instead of buying ACS.
     
    juniperr, Nov 4, 2004
    #2
    1. Advertisements

  3. webspider

    webspider Guest

    Were you able to get WebVPN working ?

    Also any links to specific docs on AD (Groups) & WebVPN ?

    Thanks,
    David
     
    webspider, Nov 5, 2004
    #3
  4. webspider

    ikeloser Guest

    I was just recently able to get the 3005 WEBvpn connecting via IAS
    (2000) or AD.
    First setup up the AD connection, test auth.
    Then set up Webvpn first to use local DB first.
    Once you have the Webvpn auth by the local DB, change the order and the
    AD should begin authentication.
    The key was a statement about global auth. The webvpn doesn't care
    about anything other than the global auth.
    Here is the link:
    http://www.cisco.com/en/US/customer...on_guide_chapter09186a00801f1dd5.html#1002793
    Good Luck
     
    ikeloser, Dec 15, 2004
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.