How to Set Up Cisco VPN to Use Microsoft Active Directory?

Setting up your Cisco ASA VPN connection to use MS Active Directory for Authentication and Authorization is not that hard, just a little bit confusing at first.

First, you will need to set up the LDAP AAA server on the ASA. Read the following link from Cisco.com on how to set up the LDAP AAA server.

http://www.cisco.com/en/US/docs/security/asa/asa71/asdm51/selected_procedures/asdmldap.html#wp1033020

The instructions are pretty much correct, except that with newer ASDM software the IETF-Radius-Class is moved to “Group Policy”.

*Important: Make sure your LDAP information is correct, e.g. the CN and DN information, like cn=ciscotest,ou=testuser,dc=testdomain,dc=com

You can set up Active Directory mapping to map AD security groups to your ASA box. This way you can control who will have VPN access by adding users to a security group.
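
The group mapping described above, written as ASA CLI with a deny-by-default group policy so that only members of the mapped AD group get a tunnel. This is an added example, not configuration from the Cisco document or from this post. The names LDAP-AD, AD-GROUP-MAP, VPN-USERS, NOACCESS and VPN-TG, the VPNUsers group, the 192.0.2.10 address and the password placeholder are assumptions.

```cisco
! Added example. Hypothetical names: LDAP-AD, AD-GROUP-MAP, VPN-USERS, NOACCESS,
! VPN-TG, the VPNUsers group and the 192.0.2.10 server address.
ldap attribute-map AD-GROUP-MAP
 ! Newer software presents this attribute as Group Policy (see the ASDM note above).
 map-name memberOf IETF-Radius-Class
 ! The value must be the group's full DN, matching what AD returns in memberOf.
 map-value memberOf "CN=VPNUsers,OU=testuser,DC=testdomain,DC=com" VPN-USERS
!
aaa-server LDAP-AD protocol ldap
aaa-server LDAP-AD (inside) host 192.0.2.10
 ldap-base-dn dc=testdomain,dc=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ! Bind account DN in the form shown in the Important note above.
 ldap-login-dn cn=ciscotest,ou=testuser,dc=testdomain,dc=com
 ldap-login-password <bind-password>
 ! Assumes the domain controller accepts LDAPS, so the bind is not sent in clear text.
 ldap-over-ssl enable
 server-type microsoft
 ldap-attribute-map AD-GROUP-MAP
!
! Users with no matching memberOf value stay on this policy and are refused.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Members of the mapped AD group are moved to this policy by the attribute map.
group-policy VPN-USERS internal
group-policy VPN-USERS attributes
 vpn-simultaneous-logins 3
!
tunnel-group VPN-TG type remote-access
tunnel-group VPN-TG general-attributes
 authentication-server-group LDAP-AD
 default-group-policy NOACCESS
```

Without the NOACCESS default, any account that authenticates against AD is placed in the tunnel group's default policy and can connect whether or not it is in the security group.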