[c-nsp] ASA5500 authentication with Kerberos/NT Domain Controler
Jeremiah Best
jbest at zyedge.com
Mon Aug 3 10:27:55 EDT 2009
Scott,
I hope this helps: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml#cli .
aaa-server WINDOWS protocol nt
aaa-server WINDOWS (inside) host x.x.x.x
 nt-auth-domain-controller servername
group-policy name-vpn-policy internal
group-policy name-vpn-policy attributes
 wins-server value x.x.x.x
 dns-server value x.x.x.x
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value acl_namevpn
 address-pools value dhcp-name-pool
tunnel-group name-vpn type ipsec-ra
tunnel-group name-vpn general-attributes
 authentication-server-group WINDOWS LOCAL
 default-group-policy name-vpn-policy
Thanks,
Jeremiah
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Scott Granados
Sent: Monday, August 03, 2009 10:15 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] ASA5500 authentication with Kerberos/NT Domain Controler
Hi, I have a pair of ASA5500 devices that I wish to use to provide VPN
services. I've been googling but all the examples I've found on Cisco.com
and other sites are designed for configuration using the ASDM. The ASDM is
absolutely awful to use and also almost entirely inaccessible with a screen
reader.
Does anyone have some configuration examples using the command line that
allow for users with Cisco VPN clients to authenticate against a Domain
controller using Kerberos/NT and authenticate to a specific VPN group with a
preshared key? I have a very basic network with a 10.x.0.0/16 network that
I wish to share to users via VPN clients.
Any basic pointers or any pointers to a site that's more command line
specific either on or off Cisco.com would be appreciated.
Thank you
Scott
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
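
Added example, not part of either message above and not taken from the linked Cisco document: the objects the posted configuration references but does not define, the group pre-shared key the question asks about, and a Kerberos server group as an alternative to the NT one. It assumes ASA 8.0-8.2 syntax and that IKE and the dynamic crypto map are already enabled on the outside interface; the pool range, realm, server-group name KERBEROS and key are constructed placeholders.

```cisco
! Split-tunnel ACL named in the group-policy: only the internal /16
! is sent through the tunnel (10.x.0.0 is the placeholder from the question).
access-list acl_namevpn standard permit 10.x.0.0 255.255.0.0

! Address pool named in the group-policy (constructed range).
ip local pool dhcp-name-pool 192.168.250.10-192.168.250.200 mask 255.255.255.0

! Group pre-shared key. The Cisco VPN client's group name must match the
! tunnel-group name (name-vpn). Every client shares this key, so per-user
! authentication still comes from the AAA server group.
tunnel-group name-vpn ipsec-attributes
 pre-shared-key <group-key-placeholder>

! Kerberos alternative to "protocol nt". The realm is a placeholder and is
! normally the AD domain name in upper case. The ASA clock must be in sync
! with the domain controller for Kerberos to succeed.
aaa-server KERBEROS protocol kerberos
aaa-server KERBEROS (inside) host x.x.x.x
 kerberos-realm EXAMPLE.COM

! Point the tunnel-group at the Kerberos group instead of WINDOWS. This
! replaces the earlier authentication-server-group line. The trailing
! LOCAL keyword makes the ASA fall back to its local user database when
! no server in the group responds; omit it if local accounts must never
! be accepted for VPN logins.
tunnel-group name-vpn general-attributes
 authentication-server-group KERBEROS LOCAL
```

The resulting settings can be reviewed with "show running-config tunnel-group" and "show running-config aaa-server", and a single login can be checked from the CLI with "test aaa-server authentication".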