Configuring the identity firewall, Task flow for configuring the identity firewall – Cisco ASA 5505 User Manual
Page 722
36-10
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 36 Configuring the Identity Firewall
Configuring the Identity Firewall
Note
Before running the AD Agent Installer, you must install the following patches on every Microsoft Active
Directory server that the AD Agent monitors. These patches are required even when the AD Agent is
installed directly on the domain controller server. See the README First for the Cisco Active Directory
Agent.
Configuring the Identity Firewall
This section contains the following topics:
•
Task Flow for Configuring the Identity Firewall, page 10
•
Configuring the Active Directory Domain, page 11
•
Configuring Active Directory Agents, page 13
•
Configuring Identity Options, page 14
•
Configuring Identity-based Access Rules, page 20
•
Configuring Cut-through Proxy Authentication, page 22
•
Configuring VPN Authentication, page 24
Task Flow for Configuring the Identity Firewall
Prerequisite
Before configuring the Identity Firewall in the ASA, you must meet the prerequisites for the AD Agent
and Microsoft Active Directory. See
Task Flow in the ASA
To configure the Identity Firewall, perform the following tasks:
Step 1
Configure the Active Directory domain in the ASA.
See
Configuring the Active Directory Domain, page 11
See also
for the ways in which you can deploy the Active Directory
servers to meet your environment requirements.
Step 2
Configure the AD Agent in ASA.
See
Configuring Active Directory Agents, page 13
.
See also
for the ways in which you can deploy the AD Agents to meet
your environment requirements.
Step 3
Configure Identity Options.
See
Configuring Identity Options, page 14
.
Step 4
Configure Identity-based Access Rules in the ASA.
After AD domain and AD-Agent are configured, identity-based rules can be specified to enforce
identity-based rules. See
Configuring Identity-based Access Rules, page 20
Step 5
Configure the cut-through proxy.