Cisco ASA 5505 User Manual


36-21

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 36 Configuring the Identity Firewall

Task Flow for Configuring the Identity Firewall

Each step below lists the command (with an example) followed by its purpose.
Step 1

Command:
hostname(config)# object-group user user_group_name

Example:
hostname(config)# object-group user users1

Purpose:
Defines an object group that you can use to control access with the Identity Firewall. You can use the object group as part of an access group or service policy.

Step 2

Command:
hostname(config-user-object-group)# user domain_NetBIOS_name\user_name

Example:
hostname(config-user-object-group)# user SAMPLE\users1

Purpose:
Specifies the user to add to the access rule.

The user_name can contain any character including [a-z], [A-Z], [0-9], [!@#$%^&()-_{}. ]. If domain_NetBIOS_name\user_name contains a space, you must enclose the domain name and user name in quotation marks.

The user_name can be part of the LOCAL domain or a user imported by the ASA from the Active Directory domain.

If the domain_NetBIOS_name is associated with a AAA server, the user_name must be the Active Directory sAMAccountName, which is unique, instead of the common name (cn), which might not be unique.

The domain_NetBIOS_name can be LOCAL or the actual domain name as specified in the user-identity domain domain_NetBIOS_name aaa-server aaa_server_group_tag command.

Step 3

Command:
hostname(config-user-object-group)# user-group domain_NetBIOS_name\\user_group_name

Example:
hostname(config-user-object-group)# user-group SAMPLE\\group.marketing

Purpose:
Specifies a user group to add to the access rule.

The group_name can contain any character including [a-z], [A-Z], [0-9], [!@#$%^&()-_{}. ]. If domain_NetBIOS_name\\group_name contains a space, you must enclose the domain name and group name in quotation marks.

Specifying the domain_NetBIOS_name for user-group has the same requirements as specifying it for user.

The ASA imports the nested user groups from Active Directory when the access rule is used in an access group or service policy.

Step 4

Command:
hostname(config-user-object-group)# exit

Purpose:
Exits from user object group configuration mode to global configuration mode.
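The four steps above carried through as one complete session, followed by the object group being referenced from an access list and bound to an interface. This is an added example, not an excerpt from the Cisco guide; the hostname, the domain SAMPLE, the user and group names, the interface name inside, the access-list name inside_in and the destination host 10.0.0.5 are all constructed values. The access-list and access-group lines are assumed syntax for using the group in an access rule, as the guide says you can, and are not shown on this page.

```text
! Step 1: create the user object group
asa(config)# object-group user marketing-users

! Step 2: add individual users (domain\user); LOCAL users are allowed too
asa(config-user-object-group)# user SAMPLE\jsmith
asa(config-user-object-group)# user LOCAL\admin1

! Step 3: add AD groups (note the double backslash for user-group);
! a name containing a space must be quoted as a whole
asa(config-user-object-group)# user-group SAMPLE\\group.marketing
asa(config-user-object-group)# user-group "SAMPLE\\Marketing Staff"

! Step 4: return to global configuration mode
asa(config-user-object-group)# exit

! Assumed usage: reference the group in an access rule so only members
! of the group may reach the constructed host 10.0.0.5 over HTTPS,
! then bind the ACL to the inside interface
asa(config)# access-list inside_in extended permit tcp object-group-user marketing-users any host 10.0.0.5 eq 443
asa(config)# access-list inside_in extended deny ip any host 10.0.0.5
asa(config)# access-group inside_in in interface inside

! Verify what was stored before relying on it in policy
asa(config)# show running-config object-group user
```

Because user-group names are matched against Active Directory, a misspelled group silently matches nobody; checking the running configuration (and the user-identity mapping) after the change confirms the rule actually covers the intended identities rather than denying traffic for everyone.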
