How does the Cisco ASA use Active Directory to authorize VPN users?
A . It queries the Active Directory server for a specific attribute for the specified user.
B . It sends the username and password to retrieve an ACCEPT or REJECT message from the Active Directory server.
C . It downloads and stores the Active Directory database to query for future authorization requests.
D . It redirects requests to the Active Directory server defined for the VPN group.
Answer: A
Explanation:
When the ASA needs to authenticate a user against the configured LDAP server, it first binds to the server using the login DN provided in the configuration. After a successful bind, the ASA sends a search query for the username supplied by the VPN user; this query is built from the naming attribute configured on the ASA. The LDAP server replies with the user's complete DN. The ASA then makes a second bind attempt, this time using the VPN user's full DN and the password the user supplied. A successful second bind indicates that the credentials provided by the VPN user are correct, and tunnel negotiation moves on to Phase 2.
Source: http://www.networkworld.com/article/2228531/cisco-subnet/using-your-active-directoryfor-vpn-authentication-on-asa.html