Cannot find AD Agent

Hello,

I have a Cisco ASA 5508-X and I want to configure Active Directory authentication.

Luckily, I found a great tutorial on this website.

My problem is that I cannot find the AD Agent that is required to finish my configuration.

So, please help.

8 Replies

balaji.bandi
Hall of Fame

Is this what you are looking for:

https://lessonsintech.wordpress.com/2018/04/20/asa-auth-ad/

If not, explain more about what AD authentication you are looking for.

BB


Hi balaji,

This is not exactly what I am looking for. I am trying to control access to a network that I have created with the ASA. I want only PCs that are registered in the domain to be able to access this network.

To restrict access to domain computers you can use a Dynamic Access Policy (DAP) with your VPN.

DAP uses the hostscan feature - basically you check the connecting PC's registry for a key indicating that it is domain-joined.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/asdm78/vpn/asdm-78-vpn-config/vpn-asdm-dap.html#ID-2184-00000311

Hello Marvin,

Is it possible to have another method without using VPN?

I don't understand the question.

When you say "without using VPN" - do you mean they are internal users?

If they are coming in via VPN you need to either check using the ASA (DAP method) or via some external authentication server like ISE (which in turn informs the ASA that the endpoint is authorized).

This is the architecture that I want to realize.

Please see the attached image.

DHCP is enabled in network 2.

Only the PCs inside network 2 should have access to network 1.

Also, Active Directory is enabled in network 2 and all PCs in network 2 are registered in the domain.

The challenge is: if another PC (in this example PC3) plugs a cable into the switch inside network 2 and it is not registered in the domain, it should be blocked.

So, the only way for PC3 to get access to network 2 is for the administrator to add this PC to the domain.

I hope I have explained everything.

Marvin Rhoads
Hall of Fame

AD Agent is old software that was discontinued some time ago. It was used to get username-IP mapping so that you can use usernames in ACLs. The current identity solution is Cisco ISE.

For VPN access you can authenticate to Active Directory directly without requiring an agent.

Ah ok. That's why I cannot find it anywhere.