Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 39 Configuring the Identity Firewall
Task Flow for Configuring the Identity Firewall
Step 4 Configure Identity-based Access Rules in the ASA.
After the AD domain and AD Agent are configured, you can specify identity-based access rules
for the ASA to enforce. See Configuring Identity-based Access Rules, page 19.
Step 5 Configure local user groups.
See Configuring Local User Groups, page 21.
Step 6 Configure the cut-through proxy.
See Configuring Cut-through Proxy Authentication, page 22.
Configuring the Active Directory Domain
Active Directory domain configuration on the ASA is required for the ASA to download Active
Directory groups and accept user identities from specific domains when receiving IP-user mapping from
the AD Agent.
Prerequisites
• Active Directory server IP address
• Distinguished Name for the LDAP base DN
• Distinguished Name and password for the Active Directory user that the Identity Firewall uses to
connect to the Active Directory domain controller
To configure the Active Directory domain, perform the following steps:
Step 1 Choose Configuration > Firewall > Identity Options. The Identity Options pane appears.