Re: SSL VPN + CSD

From: Muhammad Nasim <muhammad.nasim_at_gmail.com>
Date: Wed, 18 Nov 2009 13:46:20 +0300

Please find below the tested and running configuration in more than one of
my clients :)

aaa-server LDAP protocol ldap
 reactivation-mode depletion deadtime 10
 max-failed-attempts 3
aaa-server LDAP (inside) host 10.1.1.1
 timeout 10
 server-port 389
 ldap-base-dn dc=yourdomain, dc=yourdomain
 no ldap-group-base-dn
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password * (the password of the username you created in AD)
 ldap-login-dn cn=username(created in AD), ou=OUNAME, dc=YOURDOMAIN, dc=YOURDO
 no sasl-mechanism digest-md5
 no sasl-mechanism kerberos
 no ldap-over-ssl
 server-type microsoft
 no ldap-attribute-map
 group-search-timeout 10

2009/11/18 manoj prajapati <manoj4784_at_gmail.com>

> Hello Experts,
>
> I have configured SSL VPN + CSD (Cisco Secure Desktop) on an ASA 5510
> device, and am successfully connecting from the outside world. But what I
> want to achieve here is that authentication should be taken from *Active
> Directory* instead of local authentication.
>
> Can anybody shed some light on it?
>
> Here is the configuration,
>
> aaa-server kingkong protocol nt
> aaa-server kingkong (inside) host 10.1.12.2
> nt-auth-domain-controller 10.1.12.2
> aaa authentication enable console kingkong-ad LOCAL
> aaa authentication telnet console kingkong-ad LOCAL
> aaa authentication http console kingkong-ad LOCAL
>
> webvpn
> enable outside
> csd image disk0:/csd_3.4.2048.pkg
> csd enable
>
> group-policy DfltGrpPolicy attributes
> webvpn
> url-list value kingkong
>
> username ssl password /vxQodoe6LJn53cZ encrypted
> username ssl attributes
> vpn-group-policy DfltGrpPolicy
> webvpn
> port-forward disable
> customization value DfltCustomization
> port-forward name Application Access
>
>
> Regards,
> Manoj
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

-- 
Muhammad Nasim
Network Engineer
Saudi Arabia
Received on Wed Nov 18 2009 - 13:46:20 ART
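
Added example, not part of either poster's message: a small lint for the two configurations in this thread. It flags an LDAP aaa-server host that has neither ldap-over-ssl enable nor a SASL mechanism (the ASA then sends the bind and user passwords to the directory in plain text), and an aaa authentication line that names a server group no aaa-server line defines. The names audit and SAMPLE are hypothetical, and the parser assumes sub-commands are indented as in show running-config output.

```python
import re

# Constructed sample: lines taken from the two configurations in this thread,
# quote marks and inline notes removed, bind password replaced by a placeholder.
SAMPLE = """\
aaa-server LDAP protocol ldap
aaa-server LDAP (inside) host 10.1.1.1
 server-port 389
 ldap-login-password PLACEHOLDER
 no sasl-mechanism digest-md5
 no sasl-mechanism kerberos
 no ldap-over-ssl
aaa-server kingkong protocol nt
aaa-server kingkong (inside) host 10.1.12.2
aaa authentication http console kingkong-ad LOCAL
"""

def audit(config):
    """Return a list of (line_number, message) findings for ASA config text."""
    protocols = {}    # server group name -> protocol keyword
    hosts = []        # [line_no, group, host_ip, [sub-commands]]
    auth_refs = []    # (line_no, group) named by 'aaa authentication'
    current = None    # host block that indented lines belong to
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not raw[:1].isspace():
            current = None                      # top-level line ends the block
        if m := re.match(r"aaa-server (\S+) protocol (\S+)", line):
            protocols[m[1]] = m[2]
        elif m := re.match(r"aaa-server (\S+) \(\S+\) host (\S+)", line):
            current = [no, m[1], m[2], []]
            hosts.append(current)
        elif m := re.match(r"aaa authentication \S+ console (\S+)", line):
            auth_refs.append((no, m[1]))
        elif current is not None:
            current[3].append(line)             # sub-command of the host block
    findings = []
    for no, group, host, subs in hosts:
        tls = "ldap-over-ssl enable" in subs
        sasl = any(s.startswith("sasl-mechanism ") for s in subs)  # 'no ...' excluded
        if protocols.get(group) == "ldap" and not (tls or sasl):
            findings.append((no, f"{group}/{host}: cleartext LDAP bind (no SSL, no SASL)"))
    for no, group in auth_refs:
        if group != "LOCAL" and group not in protocols:
            findings.append((no, f"undefined server group '{group}'"))
    return findings

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```
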

This archive was generated by hypermail 2.2.0 : Tue Dec 01 2009 - 06:36:29 ART