Solved: Good answer! Thank you

eigrpy · ‎07-20-2015

Hi As we know, Cisco firewall ASA needs to contact a lot username in database constantly. and the ASA can not hold all of the username. I wonder how ASA associate these usernames in Windows server through ASDM (I do not mean aaa server)? I am managing Anyconnect VPN. So, there are a lot user that need to be managed in ASA

Marvin Rhoads · ‎07-20-2015

The ASA validates the username at logon time via the authentication (aaa process). As long as the session is active, it keeps a record of what user is assigned what IP address.

If you are using the identity firewall features (i.e. usernames in access-list entries), the ASA is additionally communicating with AD for that, potentially via AD Agent (deprecated) or CDA.

View solution in original post

Marvin Rhoads · ‎07-20-2015

The ASA validates the username at logon time via the authentication (aaa process). As long as the session is active, it keeps a record of what user is assigned what IP address.

If you are using the identity firewall features (i.e. usernames in access-list entries), the ASA is additionally communicating with AD for that, potentially via AD Agent (deprecated) or CDA.

eigrpy · ‎07-23-2015

Good answer! Thank you

How can ASDM to use usernames in active directory in Windows server