Cisco ASA Series CLI Configuration Guide, page 890

Software version 9.0 for the services module
Chapter 1      Configuring the Identity Firewall
(Cisco ASA Series CLI Configuration Guide, page 1-10)

Task Flow for Configuring the Identity Firewall

See Configuring Active Directory Agents, page 1-12. See also Deployment Scenarios, page 1-4, for the ways in which you can deploy the AD Agents to meet your environment requirements.

Step 3    Configure Identity Options.
          See Configuring Identity Options, page 1-13.

Step 4    Configure Identity-based Security Policy.
          After the AD domain and the AD Agent are configured, you can create identity-based object groups and ACLs for use in many features. See Configuring Identity-Based Security Policy, page 1-18.

Configuring the Active Directory Domain

Active Directory domain configuration on the ASA is required for the ASA to download Active Directory groups and to accept user identities from specific domains when it receives IP-user mappings from the AD Agent.

Prerequisites

- Active Directory server IP address
- Distinguished Name for the LDAP base DN
- Distinguished Name and password for the Active Directory user that the Identity Firewall uses to connect to the Active Directory domain controller

To configure the Active Directory domain, perform the following steps:

Step 1
Command:  aaa-server server-tag protocol ldap
Example:  hostname(config)# aaa-server adserver protocol ldap
Purpose:  Creates the AAA server group and configures the AAA server parameters for the Active Directory server.

Step 2
Command:  aaa-server server-tag [(interface-name)] host {server-ip | name} [key] [timeout seconds]
Example:  hostname(config-aaa-server-group)# aaa-server adserver (mgmt) host 172.168.224.6
Purpose:  For the Active Directory server, configures the AAA server as part of an AAA server group and the AAA server parameters that are host-specific.

Step 3
Command:  ldap-base-dn string
Example:  hostname(config-aaa-server-host)# ldap-base-dn DC=SAMPLE,DC=com
Purpose:  Specifies the location in the LDAP hierarchy where the server should begin searching when it receives an authorization request.
          Specifying the ldap-base-dn command is optional. If you do not specify this command, the ASA retrieves the defaultNamingContext from Active Directory and uses it as the base DN.

Step 4
Command:  ldap-scope subtree
Example:  hostname(config-aaa-server-host)# ldap-scope subtree
Purpose:  Specifies the extent of the search in the LDAP hierarchy that the server should make when it receives an authorization request.
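The four steps above assembled into one complete Active Directory server definition, as an added example that is not taken from the guide. It goes beyond the page's steps: ldap-login-dn, ldap-login-password, server-type, ldap-over-ssl, server-port, show aaa-server and test aaa-server are standard ASA commands that Steps 1 to 4 do not cover, and the service-account DN, the bind password placeholder and the test user are invented; the group name adserver, the interface mgmt, the server 172.168.224.6 and the base DN DC=SAMPLE,DC=com are the page's own placeholder values.

```cisco
! Added example, not from the guide. Placeholder values come from the steps
! above; lines marked "beyond page" are ASA options not covered in Steps 1-4.

! Step 1: AAA server group that represents the Active Directory domain
aaa-server adserver protocol ldap

! Step 2: one host entry per domain controller, reached through the mgmt interface.
! The optional key argument is the RADIUS/TACACS+ shared secret; LDAP bind
! credentials are set with ldap-login-dn / ldap-login-password instead.
aaa-server adserver (mgmt) host 172.168.224.6
 ! Step 3 (optional): where searches start; omit it to use defaultNamingContext
 ldap-base-dn DC=SAMPLE,DC=com
 ! Step 4: search the whole tree under the base DN, not only its first level
 ldap-scope subtree
 ! beyond page: the prerequisite bind DN and password. Use a dedicated,
 ! read-only account (invented name below); it only needs to read users and groups
 ldap-login-dn CN=asa-idfw,OU=ServiceAccounts,DC=SAMPLE,DC=com
 ldap-login-password <bind-password>
 ! beyond page: use Microsoft AD attribute and group semantics
 server-type microsoft
 ! beyond page: without these two lines the simple bind, including the
 ! password, is sent in cleartext over LDAP on TCP/389
 ldap-over-ssl enable
 server-port 636

! Verification (beyond page): the host entry, its parameters and its state
show aaa-server adserver
! Optional bind/authentication check against this host with any domain user
test aaa-server authentication adserver host 172.168.224.6 username testuser password <password>
```

If the show output reports the host as FAILED, check reachability from the mgmt interface, the port and TLS settings, and the bind DN before touching the base DN: a wrong base DN returns empty group lookups rather than a failed server.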