Link to home
Start Free TrialLog in
Avatar of Strinalena
Strinalena

asked on

Remote Access VPN Authentication via AD Groups

Hi,

Need to use AD to define which users can gain access via the remote Access VPN client. Users are using the IPsec VPN client to gain access to the network and the ASA has a radius server configured pointing to the DC, which also has the NPS role Installed. I would like to use a specific group in AD to filter who has access.
Can someone guide me on how this can be achieved as I have tried creating separate connections request policy and network policy with one specific AD group defined, but it doesnt work.

There is already one (looks like default) connection request policy called Use Windows Authentication for all users.

I have read that I can set up the same server as LDAP server on the ASA and use the ASA to query AD somehow but wanted to ask if someone can help without doing this as will be so much easier.
ASKER CERTIFIED SOLUTION
Avatar of btan
btan

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Strinalena
Strinalena

ASKER

I have done the second configuration on the ASA but then there is work to be done on the NPS which doesnt work at the moment.

Am trying to avoid the first configuration if the second one can be set to work
The issue was with the Users' AC accounts. The setting Control Access through NPS Network Policy was set to Allow instead of Control via policy
I've requested that this question be closed as follows:

Accepted answer: 0 points for Strinalena's comment #a39977694

for the following reason:

Sorted
Sorted
I have hope that the sharing has helped and as the initial query did not mentioned any errors hence thought you are looking at the different option to explore. If that has helped or given appropriate option, I hope you can kindly acknowledged so others can benefit the community - it seems that the question and answer is "abandoned"
Thanks