How to Set Up Cisco VPN to Use Microsoft Active Directory?


Setting up your Cisco ASA VPN connection to use MS Active Directory for Authentication and Authorization is not that hard, just a little bit confusing at first.

First, you will need to set up the LDAP AAA server on the ASA. The following link from Cisco.com explains how to set up the LDAP AAA server.

http://www.cisco.com/en/US/docs/security/asa/asa71/asdm51/selected_procedures/asdmldap.html#wp1033020

The instructions are pretty much correct, except that with newer ASDM software the IETF-Radius-Class attribute has moved to “Group Policy”.

*Important: Make sure your LDAP information is correct, e.g. the CN and DN information, such as cn=ciscotest,ou=testuser,dc=testdomain,dc=com

You can set up Active Directory mapping to map AD security groups to group policies on your ASA box. This way you can control who has VPN access by adding users to a security group.
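The CLI equivalent of the setup described above, as an added example that is not from the original post or from the linked Cisco procedure: members of one AD security group are mapped to a VPN group policy, and everyone else lands in a default policy that allows no logins. The server address, the object names (AD-LDAP, AD-GROUP-MAP, VPN-USERS, NOACCESS, VPN-TG), the AD group DN and the password placeholder are assumptions; the bind DN is the sample from this page.

```cisco
! Constructed example: all names, the 192.0.2.10 address and the group DN are placeholders.

! Map the AD memberOf attribute to the ASA group-policy selector.
! Newer software lists this attribute as Group-Policy (see the note above).
ldap attribute-map AD-GROUP-MAP
 map-name memberOf IETF-Radius-Class
 map-value memberOf "CN=VPN-Users,OU=Groups,DC=testdomain,DC=com" VPN-USERS

! LDAP AAA server pointing at a domain controller, over LDAPS.
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 192.0.2.10
 server-type microsoft
 server-port 636
 ldap-over-ssl enable
 ldap-base-dn dc=testdomain,dc=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn cn=ciscotest,ou=testuser,dc=testdomain,dc=com
 ldap-login-password <bind-password>
 ldap-attribute-map AD-GROUP-MAP

! Default policy: users whose memberOf matches no map-value get no sessions.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0

! Policy applied to members of the mapped AD group.
group-policy VPN-USERS internal
group-policy VPN-USERS attributes
 vpn-simultaneous-logins 3

! Authenticate against AD and fall back to NOACCESS unless the map assigns VPN-USERS.
tunnel-group VPN-TG type remote-access
tunnel-group VPN-TG general-attributes
 authentication-server-group AD-LDAP
 default-group-policy NOACCESS
```

The map-value string must match the group's distinguished name in AD exactly; a mismatch leaves the user in NOACCESS, which fails closed.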
