Guidelines For The Identity Firewall - Cisco ASA Series Configuration Manual

Firewall CLI, ASA Services Module, and the Adaptive Security Virtual Appliance

Chapter 5
Identity Firewall
Figure 5-6: WAN-based Deployment with Remote AD Agent
The following figure shows an expanded remote site installation. An AD Agent and Active Directory
servers are installed at the remote site. The clients access these components locally when logging into
network resources located at the main site. The remote Active Directory server must synchronize its data
with the central Active Directory servers located at the main site.
Figure 5-7: WAN-based Deployment with Remote AD Agent and AD Servers

Guidelines for the Identity Firewall

This section describes the guidelines and limitations that you should check before configuring the
Identity Firewall.
Failover
The Identity Firewall supports user identity-IP address mapping and AD Agent status replication
from active to standby when Stateful Failover is enabled. However, only user identity-IP address
mapping, AD Agent status, and domain status are replicated. User and user group records are not
replicated to the standby ASA.

When failover is configured, the standby ASA must also be configured to connect to the AD Agent
directly to retrieve user groups. The standby ASA does not send NetBIOS packets to clients even
when the NetBIOS probing options are configured for the Identity Firewall.
Cisco ASA Series Firewall CLI Configuration Guide
