08-24-2011 03:19 AM - edited 03-11-2019 02:16 PM
What is the difference in benefits of a user-based firewall policy between AD Agent and LDAP?
Thank you.
Best Regards,
08-24-2011 03:32 AM
LDAP is the protocol that the firewall uses to communicate with the AD servers, and AD Agent is required for the ASA to retrieve the user information. So it's not one or the other; both need to be used.
Here is more information on Identity firewall if you are interested in this feature:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_idfw.html
11-02-2011 08:51 PM
Can you clarify the functionality of the AD Agent? Today we set up our ASA5510 with an AAA server. We use the IAS service on a Windows 2003 server for remote client VPN authentication. Does the AD Agent perform the same authentication role? If so, this is great... It would allow us to eliminate Win2K3 and IAS and simply use the ASA, the AD Agent, and AD on a Win2K8 DC for remote client authentication.
11-03-2011 06:34 AM
You don't need to use the AD Agent for remote client authentication, and you also don't need to use the IAS service on the Windows 2003 server. You can authenticate directly to your AD on Win2K.
Here is a sample configuration for your reference:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c3c45.shtml
Hope that helps.
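As an added example (not posted by anyone in this thread and not taken from the Cisco documents linked above), the ASA 8.4(2)-style configuration below shows how the two answers fit together: one LDAP server group that the Identity Firewall uses for user and group lookups and that a remote-access tunnel-group authenticates against directly, plus a separate RADIUS-style group marked `ad-agent-mode` through which the AD Agent feeds user-to-IP mappings. Interface names, addresses, the domain, object names and credentials are all placeholders.

```cisco
! --- Constructed example: addresses, domain, names and credentials are placeholders ---

! LDAP server group: how the ASA talks to the domain controller. It serves both
! Identity Firewall lookups and VPN user authentication.
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 10.1.1.10
 server-port 389
 ldap-base-dn dc=example,dc=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn cn=asa-svc,cn=Users,dc=example,dc=local
 ldap-login-password <service-account-password>
 server-type microsoft

! AD Agent group: a RADIUS-style group flagged with ad-agent-mode. The agent reads
! the DC security logs and sends user-to-IP mappings to the ASA; it does not
! authenticate anyone.
aaa-server AD-AGENT protocol radius
aaa-server AD-AGENT (inside) host 10.1.1.20
 key <shared-secret>
 ad-agent-mode

! Identity Firewall: bind the domain to the LDAP group and the ASA to the agent.
user-identity domain EXAMPLE aaa-server AD-LDAP
user-identity default-domain EXAMPLE
user-identity ad-agent aaa-server AD-AGENT
user-identity enable

! User-aware ACL: only members of the Finance group reach the intranet server.
! A group name takes a double backslash in an ACL; a single user takes one.
object network INTRANET-WEB
 host 10.2.2.2
access-list INSIDE_IN extended permit tcp user-group EXAMPLE\\Finance any object INTRANET-WEB eq 443
access-list INSIDE_IN extended deny ip any object INTRANET-WEB
access-list INSIDE_IN extended permit ip any any
access-group INSIDE_IN in interface inside

! Remote-access VPN authenticates straight against the same LDAP group, so no
! separate IAS/RADIUS server is needed for that role.
tunnel-group RA-VPN type remote-access
tunnel-group RA-VPN general-attributes
 authentication-server-group AD-LDAP
```

Before relying on the user-based ACL, confirm that the agent link is up with `show user-identity ad-agent` and that mappings are actually arriving with `show user-identity user active`; `test aaa-server authentication AD-LDAP username <user> password <pw>` checks the LDAP bind and user lookup independently of any VPN session. Note that the ACL falls back to an IP-only decision for hosts the agent has no mapping for, so a missing mapping shows up as an unexpected deny rather than a silent allow.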