05-13-2013 12:42 AM - edited 03-10-2019 08:25 PM
Hello
I have a requirement to authenticate users going through the ASA to the internet using Active Directory.
That is, if any user tries to browse the web, he needs to be authenticated using Active Directory.
Is this possible on the ASA?
Thanks
05-13-2013 03:53 AM
It seems you're interested in cut-through proxy auth. Most users deploy it with TACACS and RADIUS. However, this can also be done via LDAP. In short, the aaa authentication match command is used. Traffic that requires authentication is permitted in an access list that is referenced by the aaa authentication match command, which causes the host to be authenticated before the specified traffic is allowed through the ASA.
Here is a link that would help you configure the same.
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080ba6110.shtml
Jatin Katyal
- Do rate helpful posts -
05-13-2013 04:21 AM
Another way to achieve that is the identity firewall. For that you need to upgrade the ASA to at least v8.4.2 (it could be that you also need a memory upgrade). Then you deploy a virtual appliance that gets integrated into AD where you track the IPs of your users.
This solution is transparent to the user and works quite well.
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_idfw.html
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
05-13-2013 08:38 AM
Yes, this is possible by configuring the Identity Firewall. Please refer to the following link:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_idfw.html
05-20-2013 05:00 AM
Kindly review the below link:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_idfw.html