Cisco 5510 - ASA SSL / IPsec VPN Edition User Manual

2164 pages
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring the Identity Firewall
IPv6 Guidelines
• Supports IPv6.
The AD Agent supports endpoints with IPv6 addresses. It can receive IPv6 addresses in log events,
maintain them in its cache, and send them through RADIUS messages.
• NetBIOS over IPv6 is not supported.
Additional Guidelines and Limitations
• A full URL as a destination address is not supported.
• For NetBIOS probing to function, the network between the ASA, AD Agent, and clients must
support UDP-encapsulated NetBIOS traffic.
• MAC address checking by the Identity Firewall does not work when intervening routers are present.
Users logged on to clients that are behind the same router appear to have the same MAC address. With
this implementation, all packets from the same router pass the check, because the ASA cannot
ascertain the actual MAC addresses behind the router.
• The following ASA features do not support using the identity-based object and FQDN in an
extended ACL:
  – route-map
  – Crypto map
  – WCCP
  – NAT
  – group-policy (except VPN filter)
  – DAP
• When you use the Cisco Context Directory Agent (CDA) in conjunction with the ASA or Cisco
IronPort Web Security Appliance (WSA), make sure that you open the following ports:
  – Authentication port for UDP—1645
  – Accounting port for UDP—1646
  – Listening port for UDP—3799
    The listening port is used to send change of authentication requests from the CDA to the ASA
    or to the WSA.
• For domain names, the following characters are not valid: \/:*?"<>|. For naming conventions, see
http://support.microsoft.com/kb/909264.
• For usernames, the following characters are not valid: \/[]:;=,+*?"<>|@.
• For user groups, the following characters are not valid: \/[]:;=,+*?"<>|.
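The character restrictions above, as an added example that is not part of the Cisco guide: a Python pre-flight check for names before they are used in identity-based rules. Only the three character sets come from the guidelines; the `DOMAIN\name` input form, the function names, and the sample entries are assumptions of this example.

```python
# Added example (not Cisco code). Checks only the characters listed in the
# guidelines; it does not cover length limits or other AD naming rules.

# Character sets transcribed from the three guideline bullets.
INVALID = {
    "domain": set('\\/:*?"<>|'),
    "user": set('\\/[]:;=,+*?"<>|@'),
    "group": set('\\/[]:;=,+*?"<>|'),
}


def bad_chars(kind, name):
    """Return the sorted characters in `name` that are invalid for `kind`."""
    return sorted(set(name) & INVALID[kind])


def check_identity(kind, identity):
    """Check one identity written as DOMAIN\\name (assumed form) or a bare name.

    `kind` is "user" or "group". Returns {field: [offending chars]};
    an empty dict means no listed character was found.
    """
    if kind not in ("user", "group"):
        raise ValueError(f"unknown identity kind: {kind!r}")
    # Split on the FIRST backslash only. Any later backslash stays in the
    # name part, where it is an invalid character rather than a separator.
    domain, sep, name = identity.partition("\\")
    if not sep:  # bare name, no domain qualifier to check
        domain, name = None, identity
    problems = {}
    if domain is not None and bad_chars("domain", domain):
        problems["domain"] = bad_chars("domain", domain)
    if bad_chars(kind, name):
        problems[kind] = bad_chars(kind, name)
    return problems


def check_batch(entries):
    """Map each failing identity to its problems; clean entries are omitted."""
    results = {ident: check_identity(kind, ident) for kind, ident in entries}
    return {ident: p for ident, p in results.items() if p}


SAMPLE = [  # constructed sample input
    ("user", "CORP\\jsmith"),
    ("user", "CORP\\j.smith@corp.example"),  # '@' is invalid in usernames
    ("group", "CORP\\ops\\admins"),          # second backslash lands in the name
    ("group", "CORP:EU\\helpdesk"),          # ':' is invalid in domain names
    ("group", "CORP\\web@dmz"),              # '@' is not listed for user groups
]
```

Calling `check_batch(SAMPLE)` reports the second, third and fourth entries and passes the other two.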
Prerequisites
Before configuring the Identity Firewall in the ASA, you must meet the prerequisites for the AD Agent
and Microsoft Active Directory.
AD Agent
The AD Agent must be installed on a Windows server that is accessible to the ASA. Additionally, you
must configure the AD Agent to obtain information from the Active Directory servers. Configure the AD
Agent to communicate with the ASA.
