Cisco Systems ASA5515K9 Network Router User Manual
Cisco ASA 5500 Series Configuration Guide using the CLI (page 36-15)
Chapter 36: Configuring the Identity Firewall
Task Flow for Configuring the Identity Firewall
Step 1
Command:
  hostname(config)# user-identity enable
Purpose:
  Enables the Identity Firewall feature.

Step 2
Command:
  hostname(config)# user-identity default-domain domain_NetBIOS_name
Example:
  hostname(config)# user-identity default-domain SAMPLE
Purpose:
  Specifies the default domain for the Identity Firewall.
  For domain_NetBIOS_name, enter a name of up to 32 characters consisting of [a-z], [A-Z], [0-9] and [!@#$%^&()-_=+[]{};,. ], except that '.' and ' ' may not be the first character. If the domain name contains a space, enclose the entire name in quotation marks. The domain name is not case sensitive.
  The default domain is used for all users and user groups for which a domain has not been explicitly configured. When no default domain is specified, the default domain for users and groups is LOCAL. In multiple context mode, you can set a default domain name for each context, as well as within the system execution space.
  Note: The default domain name you specify must match the NetBIOS domain name configured on the Active Directory domain controller. If the domain name does not match, the AD Agent will incorrectly associate the user identity-IP address mappings with the domain name you enter when configuring the ASA. To view the NetBIOS domain name, open the Active Directory user event security log in any text editor.
  The Identity Firewall uses the LOCAL domain for all locally defined user groups and locally defined users. Users logging in through a web portal (cut-through proxy) are designated as belonging to the Active Directory domain with which they authenticated. Users logging in through a VPN are designated as belonging to the LOCAL domain, unless the VPN is authenticated by LDAP with Active Directory, in which case the Identity Firewall can associate the users with their Active Directory domain.

Step 3
Command:
  hostname(config)# user-identity domain domain_nickname aaa-server aaa_server_group_tag
Example:
  hostname(config)# user-identity domain SAMPLE aaa-server ds
Purpose:
  Associates the LDAP parameters defined for the AAA server used for importing user group queries with the domain name.
  For domain_nickname, enter a name of up to 32 characters consisting of [a-z], [A-Z], [0-9] and [!@#$%^&()-_=+[]{};,. ], except that '.' and ' ' may not be the first character. If the domain name contains a space, you must enclose that space character in quotation marks. The domain name is not case sensitive.
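The domain-name rules in Steps 2 and 3 and the Note about matching the domain controller's NetBIOS name lend themselves to a pre-flight check before the commands are entered. The following is an added example, not code from the Cisco guide: it validates a name against the stated character set, length and first-character rules, renders the quoted Step 2 command, and compares the configured name case-insensitively against the "Account Domain:" values found in an exported Windows security log (the log text below is constructed sample data, and the field name is an assumption about the exported log format).

```python
import re

# Allowed characters per the manual: [a-z], [A-Z], [0-9] and [!@#$%^&()-_=+[]{};,. ]
_ALLOWED = set("abcdefghijklmnopqrstuvwxyz"
               "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
               "0123456789!@#$%^&()-_=+[]{};,. ")
_MAX_LEN = 32

# Constructed sample of exported Windows security-log text (not from the manual).
SAMPLE_EVENT_LOG = """\
New Logon:
\tAccount Name:\t\tjdoe
\tAccount Domain:\t\tSAMPLE
New Logon:
\tAccount Name:\t\tasmith
\tAccount Domain:\t\tsample
"""

def validate_domain_name(name: str) -> list[str]:
    """Return the rule violations for a domain name argument (empty list if valid)."""
    problems = []
    if not name:
        return ["name is empty"]
    if len(name) > _MAX_LEN:
        problems.append(f"length {len(name)} exceeds {_MAX_LEN} characters")
    bad = sorted({c for c in name if c not in _ALLOWED})
    if bad:
        problems.append("disallowed characters: " + "".join(bad))
    if name[0] in ". ":
        problems.append("first character may not be '.' or ' '")
    return problems

def default_domain_command(name: str) -> str:
    """Render the Step 2 command, quoting the whole name when it contains a space."""
    problems = validate_domain_name(name)
    if problems:
        raise ValueError("; ".join(problems))
    arg = f'"{name}"' if " " in name else name
    return f"user-identity default-domain {arg}"

def netbios_domains_in_log(log_text: str) -> set[str]:
    """Collect the distinct NetBIOS domain names seen in exported event text, upper-cased."""
    return {m.group(1).strip().upper()
            for m in re.finditer(r"Account Domain:\s*([^\r\n]+)", log_text)}

def matches_netbios_domain(configured: str, log_text: str) -> bool:
    """Check the manual's Note: the configured default domain must match the NetBIOS
    domain name the domain controller logs; the comparison is case-insensitive."""
    return configured.strip('"').upper() in netbios_domains_in_log(log_text)
```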