Friday, April 19, 2013

Cisco ASA VPN Users and RADIUS Authentication with Active Directory

I've been busy writing a tutorial and producing videos on how to authenticate Cisco ASA VPN users with RADIUS connected to Active Directory. Here's a link to the tutorial:

I've created two videos on the subject. The first one is about installing and configuring RADIUS on Windows Server 2012:

The second one is about configuring RADIUS authentication for VPN users on the ASA Security Appliance:

For More Cisco ASA Configuration Information

Pick up a copy of my configuration guide The Accidental Administrator: Cisco ASA Security Appliance, available through Amazon and other resellers.

Please Leave a Comment 

If you find this tutorial helpful or if you notice something that needs to be corrected, please leave a comment.


Unknown said...

Why choose the PAP authentication? I'm curious, is the cleartext only inside our network between the ASA and the RADIUS server? I am generally uncomfortable with any authentication not being encrypted, so this made me wonder. It would obviously defeat the purpose of VPN for the passwords to be available in cleartext, so I'm assuming it's only inside the network. Please advise. Thanks! Your book is on the way to me.

Unknown said...

Good point, Andrew. I chose to use PAP in the example purely for simplicity. RADIUS also supports other authentication protocols including CHAP and UNIX logins. (See RFC 2865.) In future updates to the book, I'll most likely use a different authentication method. Frankly, if I were setting up AD authentication today for VPN users, I'd probably consider LDAP or Kerberos before RADIUS. I have some videos showing how to do that on my video channel. Thanks for your comment.