What is the difference in benefits between AD Agent and LDAP?

kasipon_cisco
Level 1

What is the difference in benefits of firewall policy based on user between AD Agent and LDAP?

Thank you.

Best Regards,

3 Replies

Jennifer Halim
Cisco Employee

LDAP is the protocol that the firewall uses to communicate with the AD servers, and AD Agent is required for the ASA to retrieve the user information. So it's not one or the other; both need to be used.

Here is more information on Identity firewall if you are interested in this feature:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_idfw.html

Can you clarify the functionality of the AD Agent? Today we set up our ASA5510 with an AAA server. We use the IAS service on a Windows 2003 server for remote client VPN authentication. Does the AD Agent perform the same authentication role? If so, this is great... It would allow us to eliminate Win2K3 and IAS and simply use the ASA - AD Agent and AD on Win2K8 DC for remote client authentication.

You don't need to use AD agent for remote client authentication, and you also don't need to use IAS service on Windows 2003 server. You can authenticate directly to your AD on Win2K.

Here is a sample configuration for your reference:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c3c45.shtml

Hope that helps.
