Cisco ASA 5505 User Manual

Page 697


35-17

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 35 Configuring AAA Servers and the Local Database

Configuring AAA

To set up VPN user authorization using LDAP, perform the following steps.

Detailed Steps

Step 1
Command: aaa-server server_group protocol {kerberos | ldap | nt | radius | sdi | tacacs+}
Example:
hostname(config)# aaa-server servergroup1 protocol ldap
hostname(config-aaa-server-group)#
Purpose: Creates an AAA server group.

Step 2
Command: tunnel-group groupname
Example:
hostname(config)# tunnel-group remotegrp
Purpose: Creates an IPsec remote access tunnel group named remotegrp.

Step 3
Command: tunnel-group groupname general-attributes
Example:
hostname(config)# tunnel-group remotegrp general-attributes
Purpose: Associates the server group and the tunnel group.

Step 4
Command: authorization-server-group group-tag
Example:
hostname(config-general)# authorization-server-group ldap_dir_1
Purpose: Assigns a new tunnel group to a previously created AAA server group for authorization.

Examples

While other authorization-related commands and options are available for specific requirements,
the following example shows the commands for enabling user authorization with LDAP. The example
creates an IPsec remote access tunnel group named remote-1 and assigns that new tunnel group to the
previously created ldap_dir_1 AAA server group for authorization:

hostname(config)# tunnel-group remote-1 type ipsec-ra
hostname(config)# tunnel-group remote-1 general-attributes
hostname(config-general)# authorization-server-group ldap_dir_1
hostname(config-general)#

After you complete this configuration work, you can configure additional LDAP authorization
parameters, such as the directory login DN and password, the starting point (base DN) for searching
the directory, and the scope of the directory search, by entering the following commands:

hostname(config)# aaa-server ldap_dir_1 protocol ldap
hostname(config-aaa-server-group)# aaa-server ldap_dir_1 host 10.1.1.4
hostname(config-aaa-server-host)# ldap-login-dn cn=binduser,ou=service,dc=example,dc=com
hostname(config-aaa-server-host)# ldap-login-password obscurepassword
hostname(config-aaa-server-host)# ldap-base-dn starthere
hostname(config-aaa-server-host)# ldap-scope subtree
hostname(config-aaa-server-host)#
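The following configuration fragment is an added example and is not taken from the Cisco guide. It combines the four steps and the two example sessions above into one running-config style listing and adds the hardening a practitioner would normally want around LDAP authorization: the bind uses LDAP over SSL so the directory password and returned attributes do not cross the network in cleartext, the bind account is a dedicated read-only account rather than a directory administrator, the base DN is narrowed to the container that holds VPN users, and authorization-required rejects users who authenticate but have no directory record. The interface name inside, the server address 10.1.1.4 (reused from the page), the DNs under the documentation domain example.com, the bind password placeholder and the user name jdoe are all assumed values.

```cisco
! Constructed example: all names, DNs and addresses are placeholders
! AAA server group that will perform LDAP authorization
aaa-server ldap_dir_1 protocol ldap
!
! Directory server reached through the interface named "inside"
aaa-server ldap_dir_1 (inside) host 10.1.1.4
 server-type microsoft
 ! LDAP over SSL on port 636: bind password and user attributes are encrypted in transit
 ldap-over-ssl enable
 server-port 636
 ! Bind with a dedicated read-only service account, not a domain administrator
 ldap-login-dn cn=asa-bind,ou=ServiceAccounts,dc=example,dc=com
 ldap-login-password <bind-account-password>
 ! Narrow base DN plus subtree scope: search only the container that holds VPN users
 ldap-base-dn ou=VPNUsers,dc=example,dc=com
 ldap-scope subtree
 ! Match the VPN login name against sAMAccountName on Active Directory
 ldap-naming-attribute sAMAccountName
!
! IPsec remote access tunnel group that uses the server group for authorization
tunnel-group remote-1 type ipsec-ra
tunnel-group remote-1 general-attributes
 authorization-server-group ldap_dir_1
 ! Reject users who authenticate but have no matching directory record
 authorization-required
!
! Verification from privileged EXEC mode (not part of the saved configuration):
! show aaa-server ldap_dir_1
! test aaa-server authorization ldap_dir_1 host 10.1.1.4 username jdoe
```

The two commands at the end are the useful check: show aaa-server reports whether the ASA considers the directory server reachable, and test aaa-server authorization performs a real bind and search for the named user, so a wrong login DN, base DN or scope shows up before any VPN user depends on the configuration.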
