Windows Server 2012 – Configure RADIUS for Cisco ASA 5500 Authentication

KB ID 0000685 Dtd 19/09/12

Problem

This week I was configuring some 2008 R2 RADIUS authentication, so I thought I'd take a look at how Microsoft have changed the process for 2012. The whole thing was surprisingly painless.

I will say that Kerberos Authentication is a LOT easier to configure, but I've yet to test that with 2012 (watch this space).

Solution

Step 1 Configure the ASA for AAA RADIUS Authentication

1. Connect to your ASDM > Configuration.

2. Remote Access VPN.

3. AAA Local Users > AAA Server Groups.

4. In the Server group section > Add.

5. Give the group a name and accept the defaults > OK.

6. Now (with the group selected) > In the bottom (Server) section > Add.

7. Specify the IP address, and a shared secret that the ASA will use with the 2012 Server performing RADIUS > OK.

8. Apply.

Configure AAA RADIUS from the command line:

aaa-server PNL-RADIUS protocol radius
aaa-server PNL-RADIUS (inside) host 172.16.254.223
 key 123456
 radius-common-pw 123456
 exit
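What the shared secret from step 7 is used for on the wire, as an added example (not part of the original article or of any Cisco or Microsoft code): RFC 2865 uses it to hide the User-Password attribute and to authenticate the server's reply, which is why it should be a long random value on both the ASA and the server rather than a short numeric one like the sample key. The function names, the sample password and the fixed Request Authenticator are constructed for illustration.

```python
import hashlib
import hmac

def _mask(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: how the RADIUS client (here the ASA) encodes User-Password."""
    if len(request_auth) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-byte authenticator and a 1-128 byte password")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], _mask(secret, prev)))
        out += prev  # each ciphertext block seeds the mask for the next one
    return out

def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """The inverse, as run by the RADIUS server that holds the same secret."""
    if len(request_auth) != 16 or not hidden or len(hidden) % 16:
        raise ValueError("need a 16-byte authenticator and 16-byte blocks")
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(block, _mask(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")  # padding is NULs, so passwords cannot end in NUL

def sign_reply(code: int, ident: int, attrs: bytes, request_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 3: Response Authenticator = MD5(Code+ID+Length+ReqAuth+Attrs+Secret)."""
    head = bytes([code, ident]) + (20 + len(attrs)).to_bytes(2, "big")
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs

def reply_is_authentic(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client-side check that a reply was produced by a holder of the secret."""
    if len(packet) < 20 or int.from_bytes(packet[2:4], "big") != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

if __name__ == "__main__":
    secret = b"123456"             # the sample key from the CLI above
    req_auth = bytes(range(16))    # constructed; real clients use 16 random bytes
    hidden = hide_password(b"Passw0rd-constructed", secret, req_auth)
    print(hidden.hex(), reveal_password(hidden, secret, req_auth))
    accept = sign_reply(2, 1, b"", req_auth, secret)  # code 2 = Access-Accept
    print(reply_is_authentic(accept, req_auth, secret))
```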

Step 2 Configure Windows 2012 Server to allow RADIUS

9. On the Windows 2012 Server > Launch Server Manager > Local Server.

10. Manage > Add Roles and Features.

11. If you get an initial welcome page, tick the box to 'skip' > Next > Accept the 'Role based or feature based installation' > Next.

12. We are installing locally > Next.

13. Add 'Network Policy and Access Server' > Next.

14. Add Features.

15. Next.

16. Next.

17. Next.

18. Install.

Author: Migrated
