Cisco Cisco ASA for Nexus 1000V Series Switch 技术手册
ASA with WebVPN and Single Sign−on using
ASDM and NTLMv1 Configuration Example
ASDM and NTLMv1 Configuration Example
Document ID: 70037
Contents
Introduction
Prerequisites
Requirements
Components Used
Conventions
Configure
Add an AAA Server for Windows Domain Authentication
Create a Self−signed Certificate
Enable WebVPN on the Outside Interface
Prerequisites
Requirements
Components Used
Conventions
Configure
Add an AAA Server for Windows Domain Authentication
Create a Self−signed Certificate
Enable WebVPN on the Outside Interface
Configure a URL List for your Internal Server(s)
Configure an Internal Group Policy
Configure a Tunnel Group
Configure Auto−Signon for a Server
Final ASA Configuration
Verify
Test a WebVPN Login
Monitor Sessions
Debug a WebVPN Session
Troubleshoot
Related Information
Configure an Internal Group Policy
Configure a Tunnel Group
Configure Auto−Signon for a Server
Final ASA Configuration
Verify
Test a WebVPN Login
Monitor Sessions
Debug a WebVPN Session
Troubleshoot
Related Information
Introduction
This document describes how to configure the Cisco Adaptive Security Appliance (ASA) to automatically
pass WebVPN user login credentials, as well as secondary authentication, to servers that require additional
login validation against Windows Active Directory running NT LAN Manager version 1 (NTLMv1). This
feature is known as single−sign−on (SSO). It gives links configured for a specific WebVPN group the
capability to pass on this user authentication information, thus eliminating multiple authentication prompts.
This feature can also be used at the global or user configuration level.
pass WebVPN user login credentials, as well as secondary authentication, to servers that require additional
login validation against Windows Active Directory running NT LAN Manager version 1 (NTLMv1). This
feature is known as single−sign−on (SSO). It gives links configured for a specific WebVPN group the
capability to pass on this user authentication information, thus eliminating multiple authentication prompts.
This feature can also be used at the global or user configuration level.
Prerequisites
Requirements
Ensure that you meet these requirements before you attempt this configuration:
Ensure that NTLMv1 and Windows permissions for the target VPN users are configured. Consult
your Microsoft documentation for more information on Windows domain access rights.
your Microsoft documentation for more information on Windows domain access rights.
•
Components Used
The information in this document is based on these software and hardware versions: