EasyManua.ls Logo

Cisco ASA 5506-X - Configure the Identity Firewall; Configure the Active Directory Domain

Cisco ASA 5506-X
428 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
5-10
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 5 Identity Firewall
Configure the Identity Firewall
Before configuring the Active Directory server on the ASA, create a user account in Active
Directory for the ASA.
Additionally, the ASA sends encrypted log-in information to the Active Directory server by using
SSL enabled over LDAP. SSL must be enabled on the Active Directory server. See the
documentation for Microsoft Active Directory for how to enable SSL for Active Directory.
Note Before running the AD Agent Installer, you must install the patches listed in the README First for the
Cisco Active Directory Agent on each Microsoft Active Directory server that the AD Agent monitors.
These patches are required even when the AD Agent is installed directly on the domain controller server.
Configure the Identity Firewall
To configure the Identity Firewall, perform the following tasks:
Step 1 Configure the Active Directory domain in the ASA.
See Configure the Active Directory Domain, page 5-10.
See also Deployment Scenarios, page 5-4 for the ways in which you can deploy the Active Directory
servers to meet your environment requirements.
Step 2 Configure the AD Agent in ASA.
See Configure Active Directory Agents, page 5-13.
See also Deployment Scenarios, page 5-4 for the ways in which you can deploy the AD Agents to meet
your environment requirements.
Step 3 Configure Identity Options.
See Configure Identity Options, page 5-14.
Step 4 Configure Identity-based Security Policy. After the AD domain and AD Agent are configured, you can
create identity-based object groups and ACLs for use in many features.
See Configure Identity-Based Security Policy, page 5-18.
Configure the Active Directory Domain
Active Directory domain configuration on the ASA is required for the ASA to download Active
Directory groups and accept user identities from specific domains when receiving IP-user mapping from
the AD Agent.
Before You Begin
Active Directory server IP address
Distinguished Name for LDAP base DN
Distinguished Name and password for the Active Directory user that the Identity Firewall uses to
connect to the Active Directory domain controller

Table of Contents

Other manuals for Cisco ASA 5506-X

Preview: Quick Start Guide
Quick Start Guide14 pages
Preview: Software Guide
Software Guide37 pages
Preview: Installation Guide
Installation Guide46 pages
Preview: Easy Setup Guide
Easy Setup Guide11 pages
Preview: Hardware Installation Guide
Hardware Installation Guide52 pages
Preview: Mount And Connect
Mount And Connect12 pages
Preview: Mount The Chassis
Mount The Chassis10 pages

Related product manuals