Configuring kcd – Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Understanding How KCD Works

Configuring KCD

To have the ASA join a Windows Active Directory domain and return a success or failure status, use the
following commands:

Step 1

Command:

    ntp
    hostname

Purpose:

Joins the Active Directory domain.

Shows a 10.1.1.10 domain controller (which is
reachable inside the interface) with a domain name
of private.net and a service account on the domain
controller using dcuser as the username and
dcuser123! as the password.

Example:

    hostname(config)# config t
    -----Create an alias for the Domain Controller-------------
    hostname(config)# name 10.1.1.10 DC
    ----Configure the Name server------------------------------

Step 2

Command:

    dns domain-lookup
    dns server-group

Purpose:

Performs a lookup.

Shows a domain name of private.net and a service
account on the domain controller using dcuser as the
username and dcuser123! as the password.

Example:

    hostname(config)# ntp server DC
    ----Enable a DNS lookup by configuring the DNS server and Domain name --------------
    hostname(config)# dns domain-lookup inside
    hostname(config)# dns server-group DefaultDNS
    hostname(config-dns-server-group)# name-server DC
    hostname(config-dns-server-group)# domain-name private.net
    ----Configure the AAA server group with Server and Realm------------------------------
    hostname(config)# aaa-server KerberosGroup protocol Kerberos
    hostname(config-asa-server-group)# aaa-server KerberosGroup (inside) host DC
    hostname(config-asa-server-group)# Kerberos-realm PRIVATE.NET
    ----Configure the Domain Join------------------------------
    hostname(config)# webvpn
    hostname(config-webvpn)# kcd-server KerberosGroup username dcuser password dcuser123!
    hostname(config)#
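The following Python check is an added example, not part of the Cisco guide: it reads a saved configuration as text and reports which of the pieces configured above (NTP, DNS lookup, the Kerberos AAA group and realm, the kcd-server domain join) are missing or inconsistent. The function names, the sample text, and the rule that the realm is the upper-case form of the DNS domain name (as in the example above) are assumptions.

```python
import re

# Constructed sample: the commands from the example above with the prompts removed.
SAMPLE_CONFIG = """\
name 10.1.1.10 DC
ntp server DC
dns domain-lookup inside
dns server-group DefaultDNS
 name-server DC
 domain-name private.net
aaa-server KerberosGroup protocol Kerberos
aaa-server KerberosGroup (inside) host DC
 Kerberos-realm PRIVATE.NET
webvpn
 kcd-server KerberosGroup username dcuser password dcuser123!
"""

def find(pattern, text):
    """Return the first capture group of a case-insensitive per-line match, or None."""
    m = re.search(pattern, text, re.IGNORECASE | re.MULTILINE)
    return m.group(1) if m else None

def check_kcd_prereqs(config):
    """Return a list of findings; an empty list means every piece is present."""
    findings = []
    if not find(r"^\s*ntp server (\S+)", config):
        findings.append("no ntp server: Kerberos depends on synchronized clocks")
    if not find(r"^\s*dns domain-lookup (\S+)", config):
        findings.append("dns domain-lookup is not enabled on any interface")
    if not find(r"^\s*name-server (\S+)", config):
        findings.append("dns server-group has no name-server")
    domain = find(r"^\s*domain-name (\S+)", config)
    realm = find(r"^\s*kerberos-realm (\S+)", config)
    if not domain:
        findings.append("dns server-group has no domain-name")
    if not realm:
        findings.append("aaa-server host has no kerberos-realm")
    elif domain and realm != domain.upper():
        # Assumption: realm is the upper-cased DNS domain, as in the page's example.
        findings.append(f"realm {realm} is not the upper-case form of {domain}")
    kcd_group = find(r"^\s*kcd-server (\S+) username", config)
    if not kcd_group:
        findings.append("webvpn has no kcd-server domain-join command")
    elif not find(rf"^\s*aaa-server ({re.escape(kcd_group)}) protocol kerberos", config):
        findings.append(f"kcd-server names {kcd_group}, which is not a Kerberos aaa-server group")
    return findings
```
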
