Active Directory behind ASA 5505

I have a network, which I attached to the message. My Active Directory and DNS are on network 192.168.0.0/24 behind the ASA 5505. My users on the network need to log on to Active Directory. I changed the password for one user in Active Directory; this user is on the network, but I can't log on with the new password. How do I configure the firewall access policy for logging on to Active Directory?


The ASA 5505 configuration is:

ASA Version 8.4(2)

hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted

interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address
interface Vlan2
nameif outside
security-level 0
ip address

ftp mode passive
object network obj_any
object network server
object service ParagrafLex
service tcp source eq 6190 destination eq 6190
object network sharepoint
object network uzzpro
object network share
object-group network internalnetwork
object-group network uzzpro-1
network-object object uzzpro
object-group service DM_INLINE_TCP_1 tcp
port-object eq domain
port-object eq ldap
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object udp
protocol-object tcp
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list outside_access_in extended permit ip host any
access-list outside_access_in_1 extended permit object-group DM_INLINE_PROTOCOL_2 any object server
access-list outside_access_in_1 extended permit object-group DM_INLINE_PROTOCOL_1 any object server
access-list outside_access_in_1 extended permit tcp any object server object-group DM_INLINE_TCP_1
access-list outside_access_in_1 extended permit ip any object share
access-list outside_access_in_1 extended permit object ParagrafLex object server
access-list outside_access_in_1 extended permit object ParagrafLex any object server
access-list inside_access_out extended permit ip any any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400

object network obj_any
nat (inside,outside) dynamic interface
object network server
nat (inside,outside) static
object network share
nat (any,any) static
access-group inside_access_out out interface inside
access-group outside_access_in in interface outside control-plane
access-group outside_access_in_1 in interface outside
route outside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept

class-map inspection_default
match default-inspection-traffic

policy-map type inspect dns preset_dns_map
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp

service-policy global_policy global
prompt hostname context
no call-home reporting anonymous

: end
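An added audit of the ACL in the posted configuration, written for this thread and not part of the original post or of any Cisco tooling: it expands the object-groups and the ParagrafLex service object as defined above and flags the permit entries that let any outside source reach a destination on every port (the `ip any` and unrestricted tcp/udp entries toward the AD server). Those are the entries to tighten before opening only the specific ports a domain logon needs. The ACE lines and group contents are copied from the post; the regex covers just the ACE shapes that appear there, and the redacted lines are left out.

```python
import re
from typing import List, Optional

# Group and object contents copied from the posted ASA configuration.
PROTOCOL_GROUPS = {"DM_INLINE_PROTOCOL_1": ["ip"], "DM_INLINE_PROTOCOL_2": ["udp", "tcp"]}
SERVICE_GROUPS = {"DM_INLINE_TCP_1": ["domain", "ldap"]}
SERVICE_OBJECTS = {"ParagrafLex": ("tcp", ["6190"])}  # object service ParagrafLex: tcp, port 6190

# ACEs of outside_access_in_1 that are intact in the post (redacted lines skipped).
ACL_LINES = [
    "access-list outside_access_in_1 extended permit object-group DM_INLINE_PROTOCOL_2 any object server",
    "access-list outside_access_in_1 extended permit object-group DM_INLINE_PROTOCOL_1 any object server",
    "access-list outside_access_in_1 extended permit tcp any object server object-group DM_INLINE_TCP_1",
    "access-list outside_access_in_1 extended permit ip any object share",
    "access-list outside_access_in_1 extended permit object ParagrafLex any object server",
]

ACE_RE = re.compile(
    r"^access-list (?P<acl>\S+) extended (?P<action>permit|deny) "
    r"(?P<proto>ip|tcp|udp|icmp|object-group \S+|object \S+) "
    r"(?P<src>any|host \S+|object \S+|object-group \S+) "
    r"(?P<dst>any|host \S+|object \S+|object-group \S+)"
    r"(?: (?P<svc>object-group \S+|eq \S+))?$"
)

def parse_ace(line: str) -> Optional[dict]:
    """Expand one ACE into its protocol list and destination ports (None = every port)."""
    m = ACE_RE.match(line)
    if not m:
        return None
    proto, ports = m["proto"], None
    if proto.startswith("object-group "):        # protocol group -> list of protocols
        protocols = PROTOCOL_GROUPS[proto.split()[1]]
    elif proto.startswith("object "):            # service object -> fixed protocol and port
        proto_name, ports = SERVICE_OBJECTS[proto.split()[1]]
        protocols = [proto_name]
    else:
        protocols = [proto]
    if m["svc"]:                                 # trailing service group or 'eq PORT'
        kind, name = m["svc"].split()
        ports = SERVICE_GROUPS[name] if kind == "object-group" else [name]
    return {"action": m["action"], "protocols": protocols, "src": m["src"],
            "dst": m["dst"], "ports": ports, "line": line}

def audit(lines: List[str]) -> List[dict]:
    """Return permit ACEs that let any source reach their destination on every port."""
    aces = [parse_ace(l) for l in lines]
    return [a for a in aces if a and a["action"] == "permit" and a["src"] == "any" and a["ports"] is None]
```

Running `audit(ACL_LINES)` reports the two unrestricted entries toward `object server` (one via the tcp/udp group, one via the ip group) and the `ip any` entry toward `object share`; the domain/ldap and ParagrafLex entries are port-restricted and are not flagged.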
