ASA 5510 and MS IAS

[Daveyd123]

I have the IAS server setup and can run a successful authentication test to the IAS server. The IAS server has been registered in AD... But I must have something configured wrong as no Active Directory user can log onto the SSL VPN.

My overall goal is to have the IAS server authenticate the SSL VPN clients via Active Directory...then look to the ASA to get the Group Policy settings (IP address, Split Tunneling, etc) and the IAS server to record login/logoff times, bandwidth, etc.

Does anyone have any incite on setting up a 5510 to use IAS for ASA SSL VPN connections?

 

[NetworkGhost]

Make sure in Active Directory the users account allows dialin connections.

http://www.cisco.com/en/US/products...s_configuration_example09186a00806de37e.shtml

Free Firewall/Network/Systems Support-

http://firewalls.ath.cx

 

[Daveyd123]

They do...I just need to figure out how to map the Active Directory groups to the ASA so users in those groups can get the group policy settings I define on the ASA

I saw that doc and it pretains to the VPN client whereas I am using the SSL client. That also doens help me with the different VPN users needing differnet VPN policies when they log on. It is informative though

 

[NetworkGhost]

Ah, Ok. You can use LDAP maps to query the DN string of the user.

http://www.cisco.com/en/US/docs/sec...1/selected_procedures/asdmldap.html#wp1032929

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008089149d.shtml

Free Firewall/Network/Systems Support-

http://firewalls.ath.cx

 

[Daveyd123]

THanks for the info...I'll read the articles. I assume that this all ties in with the IAS server?

 

[NetworkGhost]

This is actually using LDAP to the AD Server.

Free Firewall/Network/Systems Support-

http://firewalls.ath.cx

 

[Daveyd123]

I need to somehow incorporate the IAS server to authenticate the AD users for VPN access as well as track VPN usage and login/logoff times