Configuring the Active Directory Domain – Cisco ASA 5505 User Manual


36-11

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 36 Configuring the Identity Firewall

Task Flow for Configuring the Identity Firewall

See Configuring Cut-through Proxy Authentication, page 22.

Step 6

Configure VPN authentication. See Configuring VPN Authentication, page 24.

Configuring the Active Directory Domain

Active Directory domain configuration on the ASA is required for the ASA to download Active
Directory groups and accept user identities from specific domains when receiving IP-user mapping from
the AD Agent.

Prerequisites

Active Directory server IP address

Distinguished Name for LDAP base dn

Distinguished Name and password for the Active Directory user that the Identity Firewall uses to
connect to the Active Directory domain controller

To configure the Active Directory domain, perform the following steps:

Command / Purpose

Step 1

Command:
hostname(config)# aaa-server server-tag protocol ldap

Example:
hostname(config)# aaa-server adserver protocol ldap

Purpose: Creates the AAA server group and configures AAA server parameters for the Active Directory server.

Step 2

Command:
hostname(config-aaa-server-group)# aaa-server server-tag [(interface-name)] host {server-ip | name} [key] [timeout seconds]

Example:
hostname(config-aaa-server-group)# aaa-server adserver (mgmt) host 172.168.224.6

Purpose: For the Active Directory server, configures the AAA server as a member of an AAA server group and sets the host-specific AAA server parameters.

Step 3

Command:
hostname(config-aaa-server-host)# ldap-base-dn string

Example:
hostname(config-aaa-server-host)# ldap-base-dn DC=SAMPLE,DC=com

Purpose: Specifies the location in the LDAP hierarchy where the server should begin searching when it receives an authorization request.

Specifying the ldap-base-dn command is optional. If you do not specify this command, the ASA retrieves the defaultNamingContext from Active Directory and uses it as the base DN.

Step 4

Command:
hostname(config-aaa-server-host)# ldap-scope subtree

Purpose: Specifies the extent of the search in the LDAP hierarchy that the server should make when it receives an authorization request.

Step 5

Command:
hostname(config-aaa-server-host)# ldap-login-password string

Example:
hostname(config-aaa-server-host)# ldap-login-password obscurepassword

Purpose: Specifies the login password for the LDAP server.
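Steps 1 through 5 assembled into a single configuration session, as an added example rather than text from the guide. The server tag, interface, host address and base DN are the page's own sample values; the ldap-login-dn, server-type, ldap-over-ssl and server-port commands are standard ASA aaa-server host-mode commands that this page does not show, and the login DN and password are constructed placeholders.

```cisco
! Added example: one session applying Steps 1-5 with the page's sample values.
! ldap-login-dn, server-type, ldap-over-ssl and server-port are standard ASA
! host-mode commands not shown on this page; the DN and password are placeholders.
hostname(config)# aaa-server adserver protocol ldap
hostname(config-aaa-server-group)# aaa-server adserver (mgmt) host 172.168.224.6
! Optional: omit ldap-base-dn and the ASA uses the defaultNamingContext instead.
hostname(config-aaa-server-host)# ldap-base-dn DC=SAMPLE,DC=com
hostname(config-aaa-server-host)# ldap-scope subtree
! Bind identity for the Identity Firewall service account (constructed placeholder DN).
hostname(config-aaa-server-host)# ldap-login-dn CN=asa-idfw,OU=Service Accounts,DC=SAMPLE,DC=com
hostname(config-aaa-server-host)# ldap-login-password <bind-password-placeholder>
! Identify the directory as Active Directory.
hostname(config-aaa-server-host)# server-type microsoft
! With plain LDAP the bind DN and password above cross the management network in
! cleartext on every bind; LDAP over SSL on port 636 protects the service account.
hostname(config-aaa-server-host)# ldap-over-ssl enable
hostname(config-aaa-server-host)# server-port 636
```

Scope the service account to read-only group lookups in Active Directory, since its DN and password live in the ASA configuration.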
