Cisco ASA 5505 User Manual

Page 724


36-12

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 36 Configuring the Identity Firewall

Task Flow for Configuring the Identity Firewall

What to Do Next

Configure AD Agents. See Configuring Active Directory Agents, page 13.

Step 6

Command:
hostname(config-aaa-server-host)# ldap-login-dn string

Example:
hostname(config-aaa-server-host)# ldap-login-dn SAMPLE\user1

Purpose:
Specifies the name of the directory object that the system should bind as. The ASA identifies itself for authenticated binding by attaching a Login DN field to the user authentication request. The Login DN field describes the authentication characteristics of the ASA.

Where string is a case-sensitive string of up to 128 characters that specifies the name of the directory object in the LDAP hierarchy. Spaces are not permitted in the string, but other special characters are allowed.

You can specify the traditional or simplified format. The traditional ldap-login-dn format, for example CN=username,OU=Employees,OU=Sample Users,DC=sample,DC=com, is also accepted.

Step 7

Command:
hostname(config-aaa-server-host)# server-type microsoft

Purpose:
Configures the LDAP server model for the Microsoft Active Directory server.

Step 8

Command:
hostname(config-aaa-server-host)# ldap-group-base-dn string

Example:
hostname(config-aaa-server-host)# ldap-group-base-dn OU=Sample Groups,DC=SAMPLE,DC=com

Purpose:
Specifies the location of the Active Directory groups configuration in the Active Directory domain controller. If not specified, the value in ldap-base-dn is used.

Specifying the ldap-group-base-dn command is optional.

Step 9

Command:
hostname(config-aaa-server-host)# ldap-over-ssl enable

Purpose:
Allows the ASA to access the Active Directory domain controller over SSL. To support LDAP over SSL, the Active Directory server must be configured to support it.

By default, Active Directory does not have SSL configured. If SSL is not configured on Active Directory, you do not need to configure it on the ASA for the Identity Firewall.

Step 10

Command:
hostname(config-aaa-server-host)# server-port port-number

Examples:
hostname(config-aaa-server-host)# server-port 389
hostname(config-aaa-server-host)# server-port 636

Purpose:
By default, if ldap-over-ssl is not enabled, the default server-port is 389; if ldap-over-ssl is enabled, the default server-port is 636.

Step 11

Command:
hostname(config-aaa-server-host)# group-search-timeout seconds

Example:
hostname(config-aaa-server-host)# group-search-timeout 300

Purpose:
Sets the amount of time before LDAP queries time out.

