04-24-2008 07:11 PM - edited 03-10-2019 03:48 PM
Hi team, I have an ASA 5510, version 7.2.3, and I need to authenticate my users from the inside network to the internet using a security group in Active Directory. Can anyone help me with this?
04-30-2008 11:56 AM
To configure the security appliance for LDAP (Lightweight Directory Access Protocol) authentication and authorization, you must first create an LDAP attribute map, which maps customer-defined attribute names to Cisco LDAP attribute names. This prevents you from having to rename your existing attributes using the Cisco names that the security appliance understands.
For more information on configuring LDAP, refer to:
http://www.cisco.com/en/US/docs/security/asa/asa71/asdm51/selected_procedures/asdmldap.html
04-30-2008 03:23 PM
The case that you sent me is for VPN USERS authentication and authorization, and my issue is using the LDAP server for authentication and authorization of INSIDE NETWORK USERS, using for example the attributes of my AD, like memberOf, that can be understood by the security appliances.
06-27-2008 07:53 AM
Right Luis, I have the same issue. I want to authenticate groups in AD to give them some authorizations, like URL filtering. I am trying with the CSC module.
Can I?
06-27-2008 09:33 PM
I'm not sure. The recommendation that the Cisco TAC team sent me was to buy an ACS server license to solve my issue. About URL filtering, I'm thinking about Websense solutions; it costs $19 per user and works very well on Cisco ASA.
Cheers!
06-28-2008 05:44 AM
Thanks Luis.
Is Websense for blocking my LAN users using an LDAP profile?
Do you know if I can use the CSC SSM module?
06-29-2008 05:34 AM
This might not be complete for your needs but it may give you enough of what you need without having to purchase full url filtering etc.
Authenticate with LDAP as shown earlier in this thread, then use this aaa ldap with cut-through proxy -
PIX/ASA : Cut-through Proxy for Network Access using TACACS+ and RADIUS Server Configuration Example
then do some filtering -
ASA/PIX 8.x: Block Certain Websites (URLs) Using Regular Expressions With MPF Configuration Example
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml