Forum Discussion
Cisco ASA VPN RADIUS accounting to Advanced Threat Analytics (ATA) center to configure VPN Location
MikhailCoral can you confirm that you don't have to have NPS installed on the domain controllers? So could we forward RADIUS accounting events from the Cisco ASA to the ATA Lightweight Gateway and VPN integration would work?
.png){kind=link}
Q1: "can you confirm that you don't have to have NPS installed on the domain controllers?"
A1: Vice versa, The NSP is installed on Domain controller (I have one DC only). And the NSP role is configured as RADIUS server, which uses Active directory (AD) security group (I've created special security group, e.g. "sslvpn" and added needed users).
My Domain controller has multiple roles in one: DC (AD), NSP (as a RADIUS server), ATA Lightweight Gateway, also DNS and DHCP )))). It is just optimization to save hardware resources.
PS: As a bonus, simultaneously I use NSP (as a RADIUS server with WIFI security AD group) and DHCP to access to WIFI Access Points (wireless security method: WPA / WPA2 Enterprise).
Q2: "So could we forward RADIUS accounting events from the Cisco ASA to the ATA Lightweight Gateway and VPN integration would work?"
A2: Yes. Only on Cisco ASA I use Remote Access VPN option ( Anyconnect client profile ) and RADIUS server with the same security group "sslvpn" for VPN Authentication.