How to Use Active Directory and LDAP to Authenticate Cisco ASA VPN Users: Cisco ASA Training 101

Рет қаралды 88,632

Күн бұрын

www.soundtraini...-cisco-asa-training-101 In this Cisco ASA tutorial, IT author-speaker Don R. Crawley shows you how to configure a Cisco ASA Security Appliance to support integration with Active Directory for VPN user authentication using LDAP. By implementing this configuration, remote users can authenticate for the VPN using their Active Directory credentials, thus simplifying network access for them and simplifying user management for the network administrator.

Пікірлер: 13

@soundtraining 11 жыл бұрын

Thanks for your comment and pointing out the dsquery tool. Much appreciated. I'm sure that will help others in the same situation. As you point out, it depends on your directory structure and the location of affected objects.

@rbattle2u 4 жыл бұрын

Clear and to the point. I was able to use this as a reference to setup my VPN authentication against AD LDAP

@vasekagayev7173 11 жыл бұрын

Thank you. After some searching, I finally found the article that helped me solve the issue

@bdtrap 11 жыл бұрын

Don, thanks for posting this. Excellent quick-and-dirty tutorial. As a note, I followed this and couldn't get authentication to work. When I queried LDAP for my device's DN I got a "cn,ou,dc,dc" pattern. Just thought I'd post this to help anyone else who tried "cn,cn,dc,dc" and got mixed results. In MS Windows you can use the "dsquery" tool from the server to find the LDAP DN/RDN's. e.g. c:\>dsquery user -samid ASA01 "CN=ASA01,OU=Appliances,DC=domainname,DC=tld"

@BillDavidsonTPS 8 жыл бұрын

Thank you again, your videos are awesome - this one worked perfect, first try! Ordering your latest ASA book today.

@soundtraining 11 жыл бұрын

I did a search on "cisco vpn ldap authentication group membership" and found a forum post that describes how to do it. (KZbin doesn't all posting links, so just try that search string.) I'll try to set up a test to confirm it next week and will post the results on the soundtraining[dot]net Facebook page.

@khensanigregorybaloyi5292 6 ай бұрын

Thank you so much, quite informative. I have a question though, Is it possible to configure a failover/backup LDAP server for the same profile, thats incase that DC goes down and the VPN users can still authenticate on the secondary DC? If possible, would you please share the data?

@henrybernard2591 10 жыл бұрын

Thank you

@vasekagayev7173 11 жыл бұрын

At the moment I use this design - Base DN: OU = OUname, dc = example, dc = local. All the users of this OU can authenticate when connected via vpn. How can I narrow the scope to global security group, so that only user of this security group could authenticate?