I've created two videos on the subject. The first one is about installing and configuring RADIUS on Windows Server 2012:
The second one is about configuring RADIUS authentication for VPN users on the ASA Security Appliance:
For More Cisco ASA Configuration Information
Pick up a copy of my configuration guide The Accidental Administrator: Cisco ASA Security Appliance, available through Amazon and other resellers.
Please Leave a Comment
If you find this tutorial helpful or if you notice something that needs to be corrected, please leave a comment.
2 comments:
Why choose the PAP authentication? I'm curious, is the cleartext only inside our network between the ASA and the RADIUS server?? I am generally uncomfortable with any authentication not being encrypted so this made me wonder. It would obviously defeat the purpose of VPN for the passwords to be available in cleartext, so I'm assuming it's only inside the network. Please advise. Thanks! Your book is on the way to me.
Good point, Andrew. I chose to use PAP in the example purely for simplicity. RADIUS also supports other authentication protocols including CHAP and UNIX logins. (See RFC 2865). In future updates to the book, I'll most likely use a different authentication method. Frankly, if I were setting up AD authentication today for VPN users, I'd probably consider LDAP or Kerberos before RADIUS. I have some videos showing how to do that on my video channel. Thanks for your comment.
Post a Comment