Cisco ASA Series Firewall CLI Configuration Guide
Chapter 5 Identity Firewall
Configure the Identity Firewall
Configure Active Directory Agents
Configure the primary and secondary AD Agents for the AD Agent Server Group. When the ASA detects
that the primary AD Agent is not responding and a secondary agent is specified, the ASA switches to
the secondary AD Agent. The Active Directory server for the AD agent uses RADIUS as the
communication protocol; therefore, you should specify a key attribute for the shared secret between the
ASA and AD Agent.
Before You Begin
• AD agent IP address
• Shared secret between the ASA and AD agent
To configure the AD Agents, perform the following steps:
Procedure
Step 1
Create the AAA server group and configure AAA server parameters for the AD Agent.
aaa-server server-tag protocol radius
Example:
hostname(config)# aaa-server adagent protocol radius
Step 2
Enable the AD Agent mode.
ad-agent-mode
Example:
hostname(config)# ad-agent-mode
Step 3
Configure the AAA server as part of a AAA server group and the AAA server parameters that are
host-specific for the AD Agent.
aaa-server server-tag [(interface-name)] host {server-ip | name} [key] [timeout seconds]
Example:
hostname(config-aaa-server-group)# aaa-server adagent (inside) host 192.168.1.101
Step 4
Specify the server secret value used to authenticate the ASA to the AD Agent server.
key key
Example:
hostname(config-aaa-server-host)# key mysecret
Step 5
Define the server group of the AD Agent.
user-identity ad-agent aaa-server aaa_server_group_tag
Example:
hostname(config-aaa-server-hostkey)# user-identity ad-agent aaa-server adagent
The first server defined in the aaa_server_group_tag argument is the primary AD Agent and the second server defined is the secondary AD Agent. The Identity Firewall supports defining only two AD Agent hosts.
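The following Python check is an added example, not part of the Cisco guide: it reads a saved configuration and verifies the result of Steps 1 through 5 (RADIUS group, ad-agent-mode, a shared secret on every host, one or two AD Agent hosts). It assumes sub-mode commands are indented under their parent line; the function name audit_ad_agent, the second host 192.168.1.102 and the <shared-secret> placeholder are assumptions made for the example.

```python
import re

# Constructed sample, sub-mode lines indented. Group name and first host are the page's;
# the second host (deliberately without a key) and <shared-secret> are assumptions.
SAMPLE_CONFIG = """\
aaa-server adagent protocol radius
 ad-agent-mode
aaa-server adagent (inside) host 192.168.1.101
 key <shared-secret>
aaa-server adagent (inside) host 192.168.1.102
user-identity ad-agent aaa-server adagent
"""
GROUP_RE = re.compile(r"aaa-server (\S+) protocol (\S+)$")
HOST_RE = re.compile(r"aaa-server (\S+) (?:\(\S+\) )?host (\S+)(?: (?!timeout\b)(\S+))?")
IDFW_RE = re.compile(r"user-identity ad-agent aaa-server (\S+)$")

def audit_ad_agent(config_text):
    """Check the AD Agent server group that the Identity Firewall references."""
    groups, hosts, idfw_group, current = {}, [], None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := GROUP_RE.match(line):
            current = groups.setdefault(m[1], {"protocol": m[2], "ad_agent_mode": False})
        elif m := HOST_RE.match(line):
            current = {"group": m[1], "ip": m[2], "has_key": m[3] is not None}
            hosts.append(current)
        elif m := IDFW_RE.match(line):
            idfw_group, current = m[1], None
        elif raw[:1].isspace() and current is not None:
            if line == "ad-agent-mode" and "protocol" in current:
                current["ad_agent_mode"] = True
            elif line.startswith("key ") and "ip" in current:
                current["has_key"] = True
        else:
            current = None  # any other top-level command leaves the sub-mode
    findings, group = [], groups.get(idfw_group)
    if idfw_group is None:
        findings.append("no 'user-identity ad-agent aaa-server' command")
    elif group is None or group["protocol"] != "radius":
        findings.append(f"group {idfw_group} is not a RADIUS aaa-server group")
    elif not group["ad_agent_mode"]:
        findings.append(f"group {idfw_group} lacks ad-agent-mode")
    agents = [h for h in hosts if h["group"] == idfw_group]
    if len(agents) == 1:
        findings.append("no secondary AD Agent for the ASA to switch to")
    elif len(agents) > 2:
        findings.append("more than two hosts; only two AD Agents are supported")
    findings += [f"host {h['ip']} has no shared secret" for h in agents if not h["has_key"]]
    return {"agents": [h["ip"] for h in agents], "findings": findings}
```

The first address in the returned "agents" list is the primary AD Agent and the second, if present, is the secondary.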