05 Nov 12 Configure Microsoft NPS 2008 for Cisco AnyConnect VPN

Microsoft NPS 2008 Server configuration for Cisco AnyConnect VPN Client

Previously I explained how I configured Cisco AnyConnect VPN on the Cisco ASA 5520. In that configuration I used RADIUS authentication instead of local authentication. In this article I describe how I configured the RADIUS server, Microsoft NPS 2008, to authenticate Cisco AnyConnect clients.

Since the Cisco ASA configuration has already been explained, I'm only putting the Microsoft NPS 2008 Server steps here:

  • I started by creating a new profile. Under Overview I left the settings as shown in the picture below. (Note: you can name the policy whatever you like.)
  • Next, under Conditions, there are two things I had to add: 1) the Windows Group that I wanted to allow to use Cisco AnyConnect VPN, and 2) NAS IPv4 Address = the Cisco ASA's inside interface IP.
  • Next, under Constraints, the only thing I changed was the Authentication Method, which I set to MS-CHAP-v2. There are other methods available as well, but for now I just picked this one.
  • That is it. After completing these steps and saving my settings, I added a test user to my AnyConnect group and was able to sign into the Cisco AnyConnect VPN. As soon as I took that user out of that group, I was no longer able to sign in.
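The group test in the last step can also be confirmed from the NPS side. The following is an added example, not part of the original post: it reads NPS accounting records and checks each accept or reject against the policy conditions above (the ASA's NAS IP and MS-CHAP-v2). It assumes NPS logs in the DTS Compliant (XML) format, that no other network policy matches the request (so removal from the group is logged as reason code 48), and that the user, domain and addresses shown are hypothetical.

```python
import xml.etree.ElementTree as ET

VERDICT = {"2": "Access-Accept", "3": "Access-Reject"}  # Packet-Type values
MSCHAPV2 = "4"  # Authentication-Type value logged for MS-CHAP v2
REASON = {"16": "authentication failed", "48": "no matching network policy"}

def rec(user, nas, ptype, auth, reason):
    """Build one constructed log line in the NPS DTS (XML) layout."""
    return (f'<Event><User-Name data_type="1">{user}</User-Name>'
            f'<NAS-IP-Address data_type="3">{nas}</NAS-IP-Address>'
            f'<Packet-Type data_type="0">{ptype}</Packet-Type>'
            f'<Authentication-Type data_type="0">{auth}</Authentication-Type>'
            f'<Reason-Code data_type="0">{reason}</Reason-Code></Event>')

# Constructed sample: user, domain and addresses are hypothetical.
SAMPLE_LOG = [
    rec("CORP\\vpntest", "10.0.0.1", 1, 4, 0),   # request while in the group
    rec("CORP\\vpntest", "10.0.0.1", 2, 4, 0),   # accepted
    rec("CORP\\vpntest", "10.0.0.1", 3, 4, 48),  # after removal from the group
    rec("CORP\\vpntest", "10.0.9.9", 2, 1, 0),   # accepted via another NAS, PAP
]

def review(lines, expected_nas):
    """Return (user, verdict, findings) for every accept/reject record."""
    results = []
    for line in lines:
        event = ET.fromstring(line)
        get = lambda name: event.findtext(name)
        verdict = VERDICT.get(get("Packet-Type"))
        if verdict is None:          # skip requests, accounting, challenges
            continue
        findings = []
        if get("NAS-IP-Address") != expected_nas:
            findings.append("unexpected NAS")
        if verdict == "Access-Accept" and get("Authentication-Type") != MSCHAPV2:
            findings.append("not MS-CHAP-v2")
        if verdict == "Access-Reject":
            code = get("Reason-Code")
            findings.append(REASON.get(code, f"reason {code}"))
        results.append((get("User-Name"), verdict, findings))
    return results

if __name__ == "__main__":
    for row in review(SAMPLE_LOG, expected_nas="10.0.0.1"):
        print(row)
```

An accept that arrives from a NAS other than the ASA, or with a method other than MS-CHAP-v2, means some other network policy granted the access and is worth reviewing.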

Note: Use this as a reference point only. There are other configuration options available to tweak this according to your needs. Remember to always back up your work before you make any changes, always test configurations in the lab, and never do anything that you cannot undo :).
