Hello, I would like to authenticate my Cisco VPN clients to Active Directory so that every time their password changes in Active Directory it gets reflected on the Cisco router as well. I'm currently using a Cisco 2811 router for VPN. Can this be done on this router? Any suggestion is appreciated.
I've done this on a PIX, so I'm reasonably sure that it can be done on an IOS router as well. I can't give you exact configuration details, but what you'll need to do is define a RADIUS AAA server, assign the VPN authentication to the RADIUS AAA server you just defined, and then install IAS on one of your Windows-based servers in the Active Directory domain. IAS will provide a RADIUS interface to which the Cisco router will communicate (hence the need to define a RADIUS AAA server on the router). You'll need to configure IAS (provide a shared secret, set up a remote access policy, etc.), but that's really pretty straightforward.
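
As an added illustration (not part of the original posts), the router side of the steps in the answer could look like this on IOS, assuming the clients connect through Easy VPN (IPsec with Xauth) and an existing crypto map. The server address 192.0.2.10, the names VPN-XAUTH, VPN-GROUP and VPN-MAP, the local user and the bracketed secrets are placeholders.

```cisco
! Added example: placeholder names and addresses, not a tested 2811 config.
!
! Keep a local account before enabling AAA, so console/vty access
! still works if the RADIUS server is unreachable.
username <LOCAL-ADMIN> secret <LOCAL-ADMIN-PASSWORD>
!
aaa new-model
!
! The IAS server in the AD domain. The key must match the shared
! secret configured for this router as a RADIUS client in IAS.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
!
! User (Xauth) logins are checked against RADIUS, i.e. against AD via IAS.
aaa authentication login VPN-XAUTH group radius local
!
! Group policy (pool, group key) stays in the router's local config.
aaa authorization network VPN-GROUP local
!
! Bind both lists to the existing VPN crypto map (assumed name VPN-MAP).
crypto map VPN-MAP client authentication list VPN-XAUTH
crypto map VPN-MAP isakmp authorization list VPN-GROUP
crypto map VPN-MAP client configuration address respond
```

With this in place the router stores no VPN user passwords, so a password change in Active Directory applies at the next login. The `local` method is tried only when the RADIUS server does not respond, not when it rejects a login.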