Help - Setting Up Authentication via Active Directory (Group Membership) for IPSEC and WebVPN Client

I was finally able to setup Authentication for IPSEC clients From
Active Directory (Group Membership). I had to do it via ACS (RADIUS).
It seem so complicated for a "common task": i.e. Allow a user to
authenticate to a VPN3K if they belong to a certain Active Directory
Group.

Questions: 1) Has anyone else set this up ?
2) Also , I would like to use the same Authentication
method for WebVPN users. It looks like I will need to setup another
internal group on the VPN3K , and more logic via ACS


Any thoughts would be appreciated.

Thanks,
David

 

Yes I have done this and you could have just used IAS (RADIUS) which comes with
windows 2003 and 2000 server instead of buying ACS.

 

Were you able to get WebVPN working ?

Also any links to specific docs on AD (Groups) & WebVPN ?

Thanks,
David

 

I was just recently able to get the 3005 WEBvpn connecting via IAS
(2000) or AD.
First setup up the AD connection, test auth.
Then set up Webvpn first to use local DB first.
Once you have the Webvpn auth by the local DB, change the order and the
AD should begin authentication.
The key was a statement about global auth. The webvpn doesn't care
about anything other than the global auth.
Here is the link:
http://www.cisco.com/en/US/customer...on_guide_chapter09186a00801f1dd5.html#1002793
Good Luck