- Help - Setting Up Authentication via Active Directory (Group Membership) for IPSEC and WebVPN Clients on VPN3K
- Posted by webspider on November 4th, 2004
I was finally able to setup Authentication for IPSEC clients From
Active Directory (Group Membership). I had to do it via ACS (RADIUS).
It seem so complicated for a "common task": i.e. Allow a user to
authenticate to a VPN3K if they belong to a certain Active Directory
Group.
Questions: 1) Has anyone else set this up ?
2) Also , I would like to use the same Authentication
method for WebVPN users. It looks like I will need to setup another
internal group on the VPN3K , and more logic via ACS
Any thoughts would be appreciated.
Thanks,
David
- Posted by juniperr on November 4th, 2004
Yes I have done this and you could have just used IAS (RADIUS) which comes with
windows 2003 and 2000 server instead of buying ACS.
webspider <123@aol.com> wrote in message news:<6b4jo01e5od6kof9eidblq05jpeph0dpst@4ax.com>. ..
- Posted by webspider on November 5th, 2004
On 4 Nov 2004 12:06:40 -0800, jfoor@ureach.com (juniperr) wrote:
Were you able to get WebVPN working ?
Also any links to specific docs on AD (Groups) & WebVPN ?
Thanks,
David
- Posted by ikeloser@gmail.com on December 15th, 2004
I was just recently able to get the 3005 WEBvpn connecting via IAS
(2000) or AD.
First setup up the AD connection, test auth.
Then set up Webvpn first to use local DB first.
Once you have the Webvpn auth by the local DB, change the order and the
AD should begin authentication.
The key was a statement about global auth. The webvpn doesn't care
about anything other than the global auth.
Here is the link:
http://www.cisco.com/en/US/customer/...5.html#1002793
Good Luck
