
ASA RADIUS authentication

RADIUS authentication is a good, easy way to integrate Cisco login with AD credentials.

I had to configure a new RADIUS server today and it is a great opportunity to go over the commands. In my case it is done on an ASA 5505.

This is all you have to configure on the Cisco side:

aaa-server vpn protocol radius
aaa-server vpn (inside) host 192.168.200.63
key password

Let’s break down the commands:
aaa-server vpn -> vpn is the server group name (it will be used later as a tunnel-group attribute)
protocol radius -> sets the authentication protocol to RADIUS
aaa-server vpn (inside) -> specifies the interface through which the RADIUS server is reached. inside in this case is the firewall LAN
host 192.168.200.63 -> IP address of the RADIUS server
key password -> sets the password (the RADIUS shared secret). It must match between the router and the RADIUS server.
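
Why the key has to match on both sides, as an added example that is not part of the original post: when a request carries a PAP User-Password attribute, RADIUS hides it by XORing it with MD5(shared secret + previous block), as defined in RFC 2865 section 5.2, so a server holding a different key recovers garbage and rejects the login. The key value is the one from the configuration above; the user password and the authenticator are constructed sample values.

```python
import hashlib

BLOCK = 16  # MD5 digest size; User-Password is processed in 16-byte blocks


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side (the ASA): build the User-Password attribute value."""
    if len(password) > 128:
        raise ValueError("RFC 2865 limits User-Password to 128 bytes")
    # Pad with NULs to a multiple of 16; an empty password is one full block.
    padded = password + b"\x00" * (-len(password) % BLOCK) or bytes(BLOCK)
    out, prev = b"", authenticator
    for i in range(0, len(padded), BLOCK):
        block = _xor(padded[i:i + BLOCK], hashlib.md5(secret + prev).digest())
        out += block
        prev = block  # the next block is chained on this ciphertext block
    return out


def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side (IAS): undo the hiding with the server's copy of the key."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        block = hidden[i:i + BLOCK]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")


def demo():
    authenticator = bytes(range(16))   # constructed; a real NAS uses 16 random bytes
    user_password = b"Sample-AD-Pass1"  # constructed sample value
    hidden = hide_password(user_password, b"password", authenticator)
    matching = recover_password(hidden, b"password", authenticator)
    mismatched = recover_password(hidden, b"Password", authenticator)
    return user_password, matching, mismatched


if __name__ == "__main__":
    original, matching, mismatched = demo()
    print("same key on both sides :", matching == original)
    print("different key on server:", mismatched == original)
```

The protection of the user's password on the wire depends entirely on this key, so it should be long and random rather than a dictionary word.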

Applying this to a tunnel group is also very simple:

tunnel-group Web_Users general-attributes
authentication-server-group vpn LOCAL

The RADIUS side is almost as easy as the Cisco side. I’m using Microsoft IAS on one of my management 2003 servers. I had to hide some of the parameters but the idea is clearly presented:

And the properties of my ASA connection – this is where you use the password we typed on the router:
