Cisco ASA 5505 User Manual


36-15

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 36 Configuring the Identity Firewall

Task Flow for Configuring the Identity Firewall

Step 1

Command:
hostname(config)# user-identity enable

Purpose:
Enables the Identity Firewall feature.

Step 2

Command:
hostname(config)# user-identity default-domain domain_NetBIOS_name

Example:
hostname(config)# user-identity default-domain SAMPLE

Purpose:
Specifies the default domain for the Identity Firewall.

For domain_NetBIOS_name, enter a name of up to 32 characters consisting of [a-z], [A-Z], [0-9], and [!@#$%^&()-_=+[]{};,. ]; the first character may not be '.' or ' '. If the domain name contains a space, enclose the entire name in quotation marks. The domain name is not case sensitive.

The default domain is used for all users and user
groups when a domain has not been explicitly
configured for those users or groups. When a default
domain is not specified, the default domain for users
and groups is LOCAL. For multiple context modes,
you can set a default domain name for each context,
as well as within the system execution space.

Note: The default domain name you specify must match the NetBIOS domain name configured on the Active Directory domain controller. If the domain name does not match, the AD Agent will incorrectly associate the user identity-IP address mappings with the domain name you enter when configuring the ASA. To view the NetBIOS domain name, open the Active Directory user event security log in any text editor.

The Identity Firewall uses the LOCAL domain for
all locally defined user groups or locally defined
users. Users logging in through a web portal
(cut-through proxy) are designated as belonging to
the Active Directory domain with which they
authenticated. Users logging in through a VPN are
designated as belonging to the LOCAL domain
unless the VPN is authenticated by LDAP with
Active Directory, then the Identity Firewall can
associate the users with their Active Directory
domain.

Step 3

Command:
hostname(config)# user-identity domain domain_nickname aaa-server aaa_server_group_tag

Example:
hostname(config)# user-identity domain SAMPLE aaa-server ds

Purpose:
Associates the domain name with the LDAP parameters defined for the AAA server group, which the ASA uses to import user group queries.

For domain_nickname, enter a name of up to 32 characters consisting of [a-z], [A-Z], [0-9], and [!@#$%^&()-_=+[]{};,. ]; the first character may not be '.' or ' '. If the domain name contains a space, you must enclose that space character in quotation marks. The domain name is not case sensitive.
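As an added worked example (my own code, not from the Cisco guide), the following Python script encodes the domain-name rules from Steps 2 and 3 and emits the configuration-mode lines for the whole task flow, so a name can be checked before it is typed into the ASA. The function names, the constructed sample names ("BRANCH OFFICE", "ds-branch"), and the choice to apply Step 2's whole-name quoting rule to the Step 3 nickname as well are assumptions; the script never connects to an ASA.

```python
"""Added example (not from the Cisco guide): encode the domain-name rules from
Steps 2 and 3 and emit the CLI lines for the Identity Firewall task flow.
All function names are my own; nothing here talks to an ASA."""
import string

# Character set permitted by the guide: [a-z], [A-Z], [0-9] and
# [!@#$%^&()-_=+[]{};,. ]  (note that '*' and '"' are not in the list).
ALLOWED_CHARS = frozenset(string.ascii_letters + string.digits + "!@#$%^&()-_=+[]{};,. ")
MAX_LEN = 32                 # "a name up to 32 characters"
FORBIDDEN_FIRST = ". "       # '.' and ' ' may not be the first character


def validate_domain_name(name: str) -> list:
    """Return a list of rule violations; an empty list means the name is acceptable."""
    problems = []
    if not name:
        return ["name is empty"]
    if len(name) > MAX_LEN:
        problems.append(f"length {len(name)} exceeds {MAX_LEN}")
    bad = "".join(sorted({c for c in name if c not in ALLOWED_CHARS}))
    if bad:
        problems.append(f"disallowed characters: {bad}")
    if name[0] in FORBIDDEN_FIRST:
        problems.append("name may not start with '.' or ' '")
    return problems


def quote_for_cli(name: str) -> str:
    """Wrap the whole name in double quotes when it contains a space (Step 2 rule;
    assumption: the same quoting is applied to the Step 3 nickname)."""
    return f'"{name}"' if " " in name else name


def same_domain(configured: str, netbios_name: str) -> bool:
    """Domain names are not case sensitive, so compare case-folded. Use this to
    check the configured default domain against the DC's NetBIOS domain name
    (the mismatch the Note warns about)."""
    return configured.casefold() == netbios_name.casefold()


def build_identity_firewall_config(default_domain: str, domains: dict) -> list:
    """Produce the config-mode lines for Steps 1-3.

    domains maps domain_nickname -> aaa_server_group_tag; the LDAP aaa-server
    group itself must already exist on the ASA (a prerequisite of Step 3).
    Raises ValueError rather than emitting a name the ASA would reject.
    """
    for candidate in [default_domain, *domains]:
        problems = validate_domain_name(candidate)
        if problems:
            raise ValueError(f"{candidate!r}: " + "; ".join(problems))
    lines = [
        "user-identity enable",                                            # Step 1
        f"user-identity default-domain {quote_for_cli(default_domain)}",   # Step 2
    ]
    for nickname, group_tag in domains.items():                            # Step 3
        lines.append(f"user-identity domain {quote_for_cli(nickname)} aaa-server {group_tag}")
    return lines


if __name__ == "__main__":
    # Constructed sample: the guide's SAMPLE domain plus a nickname containing a space.
    sample = {"SAMPLE": "ds", "BRANCH OFFICE": "ds-branch"}
    for line in build_identity_firewall_config("SAMPLE", sample):
        print(line)
    print(same_domain("sample", "SAMPLE"))   # True: names are case-insensitive
```

Running the script prints the three commands for the SAMPLE domain (plus the quoted "BRANCH OFFICE" nickname); the aaa-server group named on each Step 3 line must already be defined on the ASA, because this step only binds the domain to it.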
