It has nothing to do with the user’s public IP address or any address they might have inside their home network. This is the address that will appear inside the corporate network for this user. When users connect their VPN, they’ll need an IP address for the VPN session. It’s accessed through the ASA interface that I called “INSIDE” in the interface configuration.
This configuration fragment says that I have a RADIUS server inside my network with IP address 10.10.1.1, which I refer to by the tag “MYRADIUS” in the ASA configuration. The configuration is similar: !Īaa-server MYRADIUS (INSIDE) host 10.10.1.1 My preference is to use RADIUS for authentication and authorization, but there are other options such as LDAP. The first thing to configure is AAA authentication. The process itself is quite simple, though, so let’s go through the steps you’ll need to configure Cisco An圜onnect for your VPN.
Unfortunately, the documentation from Cisco is extremely confusing, and I’ve seen a lot of organizations that do it wrong (by which I mean insecurely). Because the world continues to work from home this year, I’ve had to configure Cisco An圜onnect VPNs on ASA firewalls for clients a few times.
0 kommentar(er)
