Configure Cisco ASA remote access VPN to use RADIUS

This article explains how to set up a Cisco ASA 5500-series firewall to use RADIUS to query a Microsoft Windows Active Directory domain controller, so that users connecting with the Cisco VPN client are authenticated against Active Directory.

1. Install the Internet Authentication Service (IAS) Windows component

2. Open the IAS console

3. Add the Cisco ASA as a RADIUS client

4. Edit the remote access policy in the IAS console as needed; enable “Unencrypted authentication (PAP, SPAP)” on the Authentication tab of the profile

5. Connect to your ASA (assuming you are using the ASDM)

6. Go to the Properties tab, then to AAA Setup → AAA Server Groups

7. Create a new server group

8. Add a server to the group

9. Test the authentication

10. Go into your VPN settings on the ASA (General → Tunnel Group → properties of the remote access VPN)

11. Go to the General → Authentication tab and change the Authentication Server Group property to the new AAA Server Group that you just created

12. Check the box to enable LOCAL authentication if the server group fails

13. Test it with an Active Directory user account from outside using the Cisco VPN client