
Cisco ASA and LDAP Authentication

samirshaikh52
Level 2

Hello Experts,

We have around 500 computers joined to the Windows domain. We are about to plan a security initiative under which any internet user in the domain will authenticate with the Cisco ASA 5540. This step will be taken to make sure that no workgroup user has internet access.

For more information, we are using ISA 2004 as a proxy server. Therefore, can someone please tell me what configuration I need on the ASA?

Much appreciated. Thanks

Samir

7 Replies

Hi Marcin,

Thanks for your reply.

I would like to let you know that I want to configure the ASA to use AD authentication to allow internal users to access the internet. This remedy would restrict workgroup stations and deny them internet access.

Hi Samir,

Your requirement is not clear. Are you looking for LDAP configuration on the ASA?

If yes, then the commands would be:

hostname(config)# aaa-server LDAP protocol ldap

hostname(config-aaa-server-group)# aaa-server LDAP (inside) host 10.10.1.5

hostname(config-aaa-server-host)# ldap-base-dn cn=Users,dc=abc,dc=com

hostname(config-aaa-server-host)# ldap-scope subtree

hostname(config-aaa-server-host)# ldap-login-password *

hostname(config-aaa-server-host)# ldap-login-dn CN=Administrator,DC=abc,DC=com

hostname(config-aaa-server-host)# server-type microsoft

Hope this helps.

Regards,
Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

Hi Anisha,

I need my inside domain users to authenticate with the ASA to browse the internet.

I hope you understand my scenario.

Samir

Hi Samir,

Cut-through proxy is the answer to your question. Marcin has posted the link. Please go through it.

Hope this helps.

Regards,
Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

Hi Anisha,

Thanks for the reply. I'll go through the link. However, I would like to make sure it will not prompt me for authentication; instead, any user logging in to the domain will be automatically authenticated. Please help me to clarify.

thanks

Samir.

Hi,

The initial authentication will happen, i.e. either a Telnet, HTTP or FTP authentication. After the authentication session is established, you can proceed with communicating any traffic you want.

Hope this helps.

Regards,
Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.
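The LDAP server group from the reply above tied to a cut-through proxy rule, as an added example that is not part of any post in this thread. The ACL name AUTH-WEB, the 10.10.0.0/16 inside subnet, the bind account svc-asa-ldap and the use of LDAPS are assumptions; it also assumes client HTTP traffic reaches the ASA inside interface with the client's own source address rather than the proxy's.

```cisco
! --- LDAP server group (same server and base DN as in the thread) ---
aaa-server LDAP protocol ldap
aaa-server LDAP (inside) host 10.10.1.5
 ldap-base-dn cn=Users,dc=abc,dc=com
 ldap-scope subtree
 ! Match the Windows logon name the user types at the prompt
 ldap-naming-attribute sAMAccountName
 ! Assumption: a dedicated read-only bind account (hypothetical name)
 ! instead of the domain Administrator, so a leaked ASA config does
 ! not expose a domain admin credential
 ldap-login-dn CN=svc-asa-ldap,CN=Users,DC=abc,DC=com
 ldap-login-password <bind-account-password>
 ! Assumption: the domain controller accepts LDAPS; without this the
 ! bind password and user passwords cross the wire in clear text
 ldap-over-ssl enable
 server-type microsoft
!
! --- Cut-through proxy: which inside traffic must authenticate ---
! Assumption: inside clients live in 10.10.0.0/16
access-list AUTH-WEB extended permit tcp 10.10.0.0 255.255.0.0 any eq www
aaa authentication match AUTH-WEB inside LDAP
!
! --- Verification from the ASA CLI ---
! test aaa-server authentication LDAP host 10.10.1.5 username <user> password <password>
! show uauth
```

A workstation that is not in the domain can still pass if its user types valid domain credentials, so this rule authenticates users, not machines.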
