EasyManuals Logo

Cisco ASA Series User Manual

Cisco ASA Series
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #546 background imageLoading...
Page #546 background image
1-12
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Objects
Configuring Objects
The ASA sends an LDAP query to the Active Directory server for user groups globally defined in the
Active Directory domain controller. The ASA imports these groups for identity-based rules. However,
the ASA might have localized network resources that are not defined globally that require local user
groups with localized security policies. Local user groups can contain nested groups and user groups that
are imported from Active Directory. The ASA consolidates local and Active Directory groups.
A user can belong to local user groups and user groups imported from Active Directory.
Prerequisites
See Chapter 1, “Configuring the Identity Firewall, to enable IDFW.
Detailed Steps
Command Purpose
Step 1
object-group user user_group_name
Example:
hostname(config)# object-group user users1
Defines object groups that you can use to control access with the
Identity Firewall.
Step 2
Add one or more of the following group members:
user domain_NetBIOS_name\user_name
Example:
hostname(config-user-object-group)# user
SAMPLE\users1
Specifies the user to add to the access rule.
The user_name can contain any character including [a-z], [A-Z],
[0-9], [!@#$%^&()-_{}. ]. If domain_NetBIOS_name\user_name
contains a space, you must enclose the domain name and user
name in quotation marks.
The user_name can be part of the LOCAL domain or a user
imported by the ASA from Active Directory domain.
If the domain_NetBIOS_name is associated with a AAA server,
the user_name must be the Active Directory sAMAccountName,
which is unique, instead of the common name (cn), which might
not be unique.
The domain_NetBIOS_name can be LOCAL or the actual domain
name as specified in user-identity domain
domain_NetBIOS_name aaa-server aaa_server_group_tag
command.
group-object group_id
Example:
hostname(config-network)# group-object
Engineering_groups
Adds an existing object group under this object group. The nested
group must be of the same type.
Step 3
description text
Example:
hostname(config-protocol)# description New
Group
(Optional) Adds a description. The description can be up to 200
characters.

Table of Contents

Other manuals for Cisco ASA Series

Preview: Configuration Guide
Configuration Guide428 pages
Preview: Mount And Connect
Mount And Connect12 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA Series and is the answer not in the manual?

Cisco ASA Series Specifications

General IconGeneral
ModelASA 5505
InterfacesVaries by model (Fast Ethernet, Gigabit Ethernet, 10 Gigabit Ethernet, etc.)
High AvailabilityActive/Standby or Active/Active (varies by model)
Power SupplyVaries by model
Form FactorVaries by model
Operating SystemCisco ASA Software
IPsec VPNSupported
SSL VPNSupported
IPS ThroughputVaries by model

Related product manuals