Cisco FirePOWER ASA 5500 series Configuration Manual page 698
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Getting Started with WebVPN
hostname(config-webvpn-sso-siteminder)# web-agent-url http://www.Example.com/webvpn
hostname(config-webvpn-sso-siteminder)#
Step 3
Specify a secret key to secure the authentication communications between the security appliance and
SiteMinder using the policy-server-secret command in webvpn-sso-siteminder configuration mode.
You can create a key of any length using any regular or shifted alphanumeric character, but you must
enter the same key on both the security appliance and the SSO server.
For example, to create the secret key AtaL8rD8!, enter the following:
hostname(config-webvpn-sso-siteminder)# policy-server-secret AtaL8rD8!
hostname(config-webvpn-sso-siteminder)#
Optionally, you can configure the number of seconds before a failed SSO authentication attempt times
Step 4
out using the request-timeout command in webvpn-sso-siteminder configuration mode. The default
number of seconds is 5 seconds and the possible range is 1 to 30 seconds. To change the number of
seconds before a request times out to 8, for example, enter the following:
hostname(config-webvpn-sso-siteminder)# request-timeout 8
hostname(config-webvpn-sso-siteminder)#
Optionally, you can configure the number of times the security appliance retries a failed SSO
Step 5
authentication attempt before the authentication times-out using the max-retry-attempts command in
webvpn-sso-siteminder configuration mode. The default is 3 retry attempts and the possible range is 1
to 5 attempts. To configure the number of retries to be 4, for example, enter the following:
hostname(config-webvpn-sso-siteminder)# max-retry-attempts 4
hostname(config-webvpn-sso-siteminder)#
Step 6
After you configure the SSO server, you must specify SSO authentication for either a group or user. To
specify SSO for a group, assign an SSO server to a group policy using the sso-server value command
in group-policy-webvpn configuration mode. To specify SSO for a user, assign an SSO server to a user
policy using the same command, sso-server value, but in username-webvpn configuration mode. For
example, to assign the SSO server named Example to the user named Anyuser, enter the following:
hostname(config)# username Anyuser attributes
hostname(config-username)# webvpn
hostname(config-username-webvpn)# sso-server value Example
hostname(config-group-webvpn)#
Finally, you can test the SSO server configuration using the test sso-server command in privileged
Step 7
EXEC mode. For example, to test the SSO server named Example using the username Anyuser, enter the
following:
hostname# test sso-server Example username Anyuser
INFO: Attempting authentication request to sso-server Example for user Anyuser
INFO: STATUS: Success
hostname#
Adding the Cisco Authentication Scheme to SiteMinder
Besides configuring the security appliance for SSO with SiteMinder, you must also configure your CA
SiteMinder Policy Server with the Cisco authentication scheme, provided as a Java plug-in.
Note
•
•
Cisco Security Appliance Command Line Configuration Guide
37-8
Configuring the SiteMinder Policy Server requires experience with SiteMinder.
This section presents general tasks, not a complete procedure.
Chapter 37
Configuring WebVPN
OL-10088-01
Advertisement
Table of Contents
Troubleshooting
