RE: IOS SSLVPN AND ACTIVE DIRECTORY from Joseph L. Brunner on 2010-11-12 (Ccielab archives 11/2010)

From: Joseph L. Brunner <joe_at_affirmedsystems.com>
Date: Fri, 12 Nov 2010 11:28:58 -0500

What's funny is google seems to be a blessing for some and an unknown company
to others.

"god helps those that help themselves"

-Joe

From: Sadiq Yakasai [mailto:sadiqtanko_at_gmail.com]
Sent: Friday, November 12, 2010 11:21 AM
To: Joseph L. Brunner
Cc: Beauty; ccielab_at_groupstudy.com
Subject: Re: IOS SSLVPN AND ACTIVE DIRECTORY

Yeah, I did not also see what was funny in that first email to be honest!

Sadiq
On Fri, Nov 12, 2010 at 3:44 PM, Joseph L. Brunner
<joe_at_affirmedsystems.com<mailto:joe_at_affirmedsystems.com>> wrote:
Yes you can disabled "file" access!

http://www.cisco.com/en/US/products/ps6496/products_configuration_example0918
6a008072aa7b.shtml#II1

"Captain, I'm detecting much win in this sector"

-Joe

-----Original Message-----
From: Beauty
[mailto:fordownloadsccie_at_gmail.com<mailto:fordownloadsccie_at_gmail.com>]
Sent: Friday, November 12, 2010 10:37 AM
To: Joseph L. Brunner
Cc: ccielab_at_groupstudy.com<mailto:ccielab_at_groupstudy.com>
Subject: Re: IOS SSLVPN AND ACTIVE DIRECTORY

Thanks Joe for the response ,
Thanks for also laughing at my ignorance ,
Also i want to know if the cisco secure desktop also prevents users
from storing info accessed over the vpn on external devices like flash
drives, external HDD , cd roms etc , if not is there any cisco or
network solution for this.

On 11/12/10, Joseph L. Brunner
<joe_at_affirmedsystems.com<mailto:joe_at_affirmedsystems.com>> wrote:
> LOL,
>
> Yeah quite easily;
>
> Simply configure the standard radius groups you always configure and expose
> AD via radius in IAS in 2003 AD, or NPS in 2008
>
>
> aaa authentication login msftad group radius
>
> aaa authorization network msftad group radius
>
> radius-server host 10.110.20.10 auth-port 1645 acct-port 1646 key 7
> 0991430B2A5411001
>
> webvpn gateway somegw
> webvpn context some-context
> policy group some-policy
> default-group-policy some-policy
> aaa authentication list msftad
> aaa authorization list msftad
> gateway somegw
>
> then on AD setup the IAS/NPS (here is some notes for windows 2008 server's
> Network Policy Server (NPS)
>
>
http://social.technet.microsoft.com/Forums/en/winserverNIS/thread/bfbbbae4-a2
80-4b3f-b214-02867b7d33e3
>
> -Joe
>
> -----Original Message-----
> From: nobody_at_groupstudy.com<mailto:nobody_at_groupstudy.com>
[mailto:nobody_at_groupstudy.com<mailto:nobody_at_groupstudy.com>] On Behalf Of
> Beauty
> Sent: Friday, November 12, 2010 10:07 AM
> To: ccielab_at_groupstudy.com<mailto:ccielab_at_groupstudy.com>
> Subject: OT: IOS SSLVPN AND ACTIVE DIRECTORY
>
> Hi All,
> Is it possible to configure IOS sslvpn to authenticate users against
> active directory , if yes can anyone provide suitable links.
>
> --
> Warm Regards ,
> Beauty
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

--
Warm Regards ,
Beauty
Blogs and organic groups at http://www.ccie.net

Received on Fri Nov 12 2010 - 11:28:58 ART

This archive was generated by hypermail 2.2.0 : Sun Dec 05 2010 - 22:14:56 ART