
 
  #2  
29th March 2016, 01:02 PM
Super Moderator
 
Join Date: May 2012
Re: CISCO VPN IAS Configuration

This VPN setup shows how to use IAS with a VPN concentrator, ASA, or PIX. Essentially, every VPN client connects with the same PCF file and goes into a group. When their username is authenticated against Active Directory, AD returns a group name to the CVPN/ASA/PIX, and the PIX places them in that group.

Below is the process provided for using Microsoft IAS with Cisco VPN Concentrator/ASA/PIX:

VPN Concentrator(s) setup
Example:
– Login to concentrator/ASA.
– Duplicate the steps below on BOTH ASA/concentrators.
– Go to configuration > policy mgmt > traffic mgmt > network lists.
– Add
– name: “g_Radius_VPN”
– Enter hosts/networks “10.224.3.3/0.0.0.0”
– Add
– Go to configuration > user management > groups.
– Add group
– Group name: “g_Radius_VPN”
– Password: [password]
– Verify: [password]
– Type: internal
– Go to: Client Config TAB
– Split Tunneling Policy
– Check: only tunnel networks in the list
– Split Tunneling List
– Choose: g_Radius_VPN
– Add
– SAVE CONFIGURATION SETTINGS


AD User / Group Setup
– Log in to Domain Controller
– Go to: Active Directory Users and Computers
– OU: austin.mgam > Radius
– Add group
– “g_Radius_VPN
– OU: austin.mgam > Vendor
– Add user
– User name:
– Next
– Password: [user password]
– Uncheck: User must change password at next login
– Check: user cannot change password
– Check: password never expires
– Finish
– Open properties for user: [Temporary]
– Member Of TAB
– Add
– “g_Radius_VPN_[Temporary]”
– OK
– Choose “g_Radius_VPN_[Temporary]”
– Click Set Primary Group
– Remove “Domain Users” group
– OK


Radius / IAS Setup example
– Log in to Radius Server
– Go to: Internet Authentication Service
– Open Remote Access Policy
– Create New Remote Access Policy
– Next
– Set up a custom policy
– Name: “g_Radius_VPN_[Temporary]”
– Next
– Add policy conditions
– Windows-Group = “g_Radius_VPN_[Temporary]”
– Client-Friendly-Name = “AusVPN”
– Next
– Grant remote access permission
– Next
– Edit Profile
– Advanced TAB
– Remove Service-Type
– Remove Framed-Protocol
– Add
– Class
– “OU=g_Radius_VPN_[Temporary];”
– Next
– Finish
– Move policy down to be within the group of other “g_Radius_VPN_XXXXX” policies
Test the account on both VPNs before deploying to the user.
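The post above relies on IAS returning a RADIUS Class attribute of the form "OU=<group>;" that the concentrator matches to a locally defined group. The following is an added example, not part of the original post and not Cisco or Microsoft code, showing how that attribute can be pulled out of a captured Access-Accept and checked against the groups configured on the device. The group name, the sample packets and the function names are constructed for illustration, and the Response Authenticator is not verified here.

```python
import struct

RADIUS_ACCESS_ACCEPT = 2   # RFC 2865 packet code
ATTR_CLASS = 25            # RFC 2865 Class attribute, set on the IAS profile's Advanced tab

def radius_attributes(packet: bytes):
    """Yield (type, value) pairs from a RADIUS packet, rejecting malformed lengths."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20  # attributes start after code, id, length and 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        yield a_type, packet[pos + 2 : pos + a_len]
        pos += a_len

def group_from_accept(packet: bytes, configured_groups):
    """Return the group named by Class 'OU=<name>;' if the device defines it, else None."""
    if len(packet) < 20 or packet[0] != RADIUS_ACCESS_ACCEPT:
        return None
    for a_type, value in radius_attributes(packet):
        if a_type != ATTR_CLASS:
            continue
        text = value.decode("ascii", errors="replace")
        # The trailing semicolon is part of the value entered in the IAS profile.
        if text.startswith("OU=") and text.endswith(";"):
            name = text[3:-1]
            if name in configured_groups:
                return name
    return None  # assumption: the caller treats this as "no group assignment"

def build_accept(class_values, code=RADIUS_ACCESS_ACCEPT):
    """Constructed sample packet: given Class values, zeroed authenticator."""
    attrs = b"".join(bytes([ATTR_CLASS, len(v) + 2]) + v for v in class_values)
    return struct.pack("!BBH", code, 1, 20 + len(attrs)) + bytes(16) + attrs
```

A None result for a test account points at a mismatch between the Class string in the IAS policy and the group name created on the concentrator, such as a missing semicolon or a misspelled group.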

