11-02-2020 04:17 AM
Hello,
I have a Cisco ASA 5508-X and I want to configure Active Directory authentication.
Hopefully, I found a great tutorial in this website.
My problem is I cannot find the AD Agent that is required to finish my configuration.
So, please help.
11-02-2020 04:21 AM
Is this what you are looking for:
https://lessonsintech.wordpress.com/2018/04/20/asa-auth-ad/
If not, explain in more detail what AD authentication you are looking for.
11-04-2020 03:15 AM
Hi balaji,
This is not exactly what I am looking for. I am trying to control access to a network that I have created with the ASA. I want only PCs that are registered in the domain to be able to access this network.
11-04-2020 04:45 AM
To restrict access to domain computers you can use a Dynamic Access Policy (DAP) with your VPN.
DAP uses the hostscan feature - basically you check the connecting PC's registry for a key indicating that it is domain-joined.
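The following PowerShell script is an added example, not something posted in the thread or shipped by Cisco. It shows, from the endpoint side, the kind of attribute a DAP/HostScan registry condition would evaluate to decide whether a connecting Windows PC is domain-joined, so an administrator can confirm on a known-good machine what value to reference in the DAP rule. The specific registry path used (`Tcpip\Parameters`, value `Domain`) is an assumption about which key an administrator might choose; the WMI cross-check uses the standard `Win32_ComputerSystem` class.

```powershell
# Added example (not from the thread): inspect the endpoint attributes a
# DAP/HostScan registry check could use to decide "is this PC domain-joined?".
# Run on the Windows client that will connect through the ASA.

# Assumption: the DAP registry condition points at the Tcpip\Parameters
# 'Domain' value, which Windows populates when the machine is joined to AD.
$tcpipParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$domainValue = (Get-ItemProperty -Path $tcpipParams -Name 'Domain' `
                   -ErrorAction SilentlyContinue).Domain

# Cross-check with WMI, which reports the join state directly.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem

# Emulate the policy decision the DAP rule would make for this endpoint.
$verdict = if ($cs.PartOfDomain -and -not [string]::IsNullOrEmpty($domainValue)) {
    'domain-joined: would satisfy the DAP registry condition'
} else {
    'not domain-joined: would be denied by the DAP rule'
}

[PSCustomObject]@{
    RegistryDomain = $domainValue
    PartOfDomain   = $cs.PartOfDomain
    WmiDomain      = $cs.Domain
    Verdict        = $verdict
}
```

A registry value is something a local administrator on the endpoint can set by hand, so a HostScan registry condition is a posture hint rather than a strong proof of domain membership; where assurance matters, combine it with machine-certificate authentication issued by the domain CA.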
11-04-2020 10:24 PM
Hello Marvin,
is it possible to have another method without using VPN ?
11-05-2020 10:29 AM
I don't understand the question.
When you say "without using VPN" - do you mean they are internal users?
If they are coming in via VPN you need to either check using the ASA (DAP method) or via some external authentication server like ISE (which in turn informs the ASA that the endpoint is authorized).
11-05-2020 12:39 PM
This is the architecture that I want to realize.
Please see the attached image.
The DHCP is enabled in the network 2.
Only the PCs inside network 2 should have access to network 1.
Also, the active directory is enabled in the network 2 and all PCs in the network 2 are registered in the domain.
The challenge is: if another PC (in this example PC3) plugs a cable into the switch inside network 2 and it is not registered in the domain, it should be blocked.
So, the only way for PC3 to get access to network 2 is for the administrator to add this PC to the domain.
I hope I have explained everything.
11-02-2020 05:43 AM
AD Agent is old software that was discontinued some time ago. It was used to get username-IP mapping so that you can use usernames in ACLs. The current identity solution is Cisco ISE.
For VPN access you can authenticate to Active Directory directly without requiring an agent.
11-04-2020 12:58 AM
Ah ok. That's why I could not find it anywhere.