Cisco ASA Series Configuration Manual page 71

Firewall CLI, ASA Services Module, and the Adaptive Security Virtual Appliance
Chapter 5
Identity Firewall
To configure the Active Directory domain, perform the following steps:
Procedure
Step 1
Create the AAA server group and configure the AAA server parameters for the Active Directory server.
aaa-server server-tag protocol ldap
Example:
hostname(config)# aaa-server adserver protocol ldap
Step 2
Configure the AAA server as a member of the AAA server group, and configure the AAA server parameters that are host-specific for the Active Directory server.
aaa-server server-tag [(interface-name)] host {server-ip | name} [key] [timeout seconds]
Example:
hostname(config-aaa-server-group)# aaa-server adserver (mgmt) host 172.168.224.6
Step 3
Specify the location in the LDAP hierarchy where the server should begin searching when it receives an authorization request.
ldap-base-dn string
Example:
hostname(config-aaa-server-host)# ldap-base-dn DC=SAMPLE,DC=com
Specifying the ldap-base-dn command is optional. If you do not specify this command, the ASA retrieves the defaultNamingContext from the Active Directory server and uses it as the base DN.
Step 4
Specify the extent of the search in the LDAP hierarchy that the server should make when it receives an authorization request.
ldap-scope subtree
Example:
hostname(config-aaa-server-host)# ldap-scope subtree
Step 5
Specify the password that the ASA uses to bind to the LDAP server (the password of the login DN object configured in the next step).
ldap-login-password string
Example:
hostname(config-aaa-server-host)# ldap-login-password obscurepassword
Step 6
Specify the name of the directory object that the ASA should bind as.
ldap-login-dn string
Example:
hostname(config-aaa-server-host)# ldap-login-dn SAMPLE\user1
The ASA identifies itself for authenticated binding by attaching a Login DN field to the user authentication request. The Login DN field describes the authentication characteristics of the ASA. The string argument is a case-sensitive string of up to 128 characters that specifies the name of the directory object in the LDAP hierarchy. Spaces are not permitted in the string, but other special characters are allowed.
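The six steps above end up as a small block of running configuration, and the constraints the guide states for it (group protocol must be ldap, ldap-base-dn optional and defaulting to the directory's defaultNamingContext, ldap-login-dn at most 128 characters with no spaces, a login DN needing a matching ldap-login-password) are easy to check before the configuration is pushed. The following added example, which is not Cisco's code and not part of this guide, parses an ASA-style aaa-server configuration and reports violations of exactly those constraints. The sample configuration is constructed from the commands shown in Steps 1 through 6 plus a second, deliberately faulty host entry (address 172.168.224.7 and the service-account DN are invented for illustration). The requirement that ldap-scope be subtree follows the procedure's Step 4.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: the six commands from the procedure above as they appear in
# running-config, followed by a second host entry that breaks two of the stated
# rules (spaces in the login DN, and a login DN without a login password).
# The second address and the service-account DN are invented for this example.
SAMPLE_CONFIG = """\
aaa-server adserver protocol ldap
aaa-server adserver (mgmt) host 172.168.224.6
 ldap-base-dn DC=SAMPLE,DC=com
 ldap-scope subtree
 ldap-login-password obscurepassword
 ldap-login-dn SAMPLE\\user1
aaa-server adserver (mgmt) host 172.168.224.7
 ldap-scope subtree
 ldap-login-dn CN=svc bind,OU=Service Accounts,DC=SAMPLE,DC=com
"""

# Group definition:  aaa-server <tag> protocol <proto>
GROUP_RE = re.compile(r"^aaa-server\s+(\S+)\s+protocol\s+(\S+)\s*$")
# Host definition:   aaa-server <tag> [(<interface>)] host <ip|name> [key] [timeout N]
HOST_RE = re.compile(r"^aaa-server\s+(\S+)\s+(?:\((\S+)\)\s+)?host\s+(\S+)(.*)$")

MAX_LOGIN_DN_LEN = 128  # limit the guide states for the ldap-login-dn string


@dataclass
class LdapHost:
    group: str
    interface: Optional[str]
    address: str
    params: Dict[str, str] = field(default_factory=dict)  # "ldap-base-dn" -> "DC=SAMPLE,DC=com"


def parse_aaa_servers(config: str) -> Tuple[Dict[str, str], List[LdapHost]]:
    """Return ({group tag: protocol}, [hosts]) from ASA running-config text.

    Top-level lines open a group or a host; indented lines are host parameters
    and are stored under the command keyword with the rest of the line as value,
    so a DN containing spaces is kept whole.
    """
    groups: Dict[str, str] = {}
    hosts: List[LdapHost] = []
    current: Optional[LdapHost] = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        if line.startswith(" "):
            if current is None:
                raise ValueError(f"parameter outside a host block: {line.strip()}")
            cmd, _, arg = line.strip().partition(" ")
            current.params[cmd] = arg
            continue
        current = None
        m = GROUP_RE.match(line)
        if m:
            groups[m.group(1)] = m.group(2)
            continue
        m = HOST_RE.match(line)
        if m:
            current = LdapHost(group=m.group(1), interface=m.group(2), address=m.group(3))
            hosts.append(current)
    return groups, hosts


def effective_base_dn(host: LdapHost) -> str:
    """ldap-base-dn is optional; without it the ASA searches from the directory's defaultNamingContext."""
    return host.params.get("ldap-base-dn", "<defaultNamingContext>")


def check_host(host: LdapHost, groups: Dict[str, str]) -> List[str]:
    """Apply the constraints the procedure states and return one message per violation."""
    findings: List[str] = []
    proto = groups.get(host.group)
    if proto is None:
        findings.append(f"{host.address}: host references undefined group {host.group!r}")
    elif proto != "ldap":
        findings.append(f"{host.address}: group {host.group!r} uses protocol {proto}, not ldap")
    if host.params.get("ldap-scope") != "subtree":
        findings.append(f"{host.address}: ldap-scope is not subtree as the procedure requires")
    login_dn = host.params.get("ldap-login-dn")
    if login_dn is None:
        findings.append(f"{host.address}: no ldap-login-dn; authenticated bind is not configured")
    else:
        if " " in login_dn:
            findings.append(f"{host.address}: ldap-login-dn contains spaces, which are not permitted")
        if len(login_dn) > MAX_LOGIN_DN_LEN:
            findings.append(f"{host.address}: ldap-login-dn exceeds {MAX_LOGIN_DN_LEN} characters")
        if "ldap-login-password" not in host.params:
            findings.append(f"{host.address}: ldap-login-dn is set without an ldap-login-password")
    return findings


def audit(config: str) -> Dict[str, List[str]]:
    """Map each host address to its list of findings (empty list means the block passed)."""
    groups, hosts = parse_aaa_servers(config)
    return {h.address: check_host(h, groups) for h in hosts}


if __name__ == "__main__":
    for address, findings in audit(SAMPLE_CONFIG).items():
        print(address, "OK" if not findings else "")
        for f in findings:
            print("  -", f)
```

The first host passes and the second produces two findings. After the configuration is applied, confirm the bind on the ASA itself with `show aaa-server adserver` and `test aaa-server authentication adserver host 172.168.224.6 username <name> password <password>`, using a test account rather than the bind account.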
Configure the Identity Firewall
Cisco ASA Series Firewall CLI Configuration Guide
5-11