39-22
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 39 Configuring the Identity Firewall
Task Flow for Configuring the Identity Firewall
Step 3 Enter a name and description for the group.
The group name can contain any character including [a-z], [A-Z], [0-9], [!@#$%^&()-_{}. ]. If the group
name contains a space, you must enclose the name in quotation marks.
Step 4 From the Domain list, select the default domain for users in this group or click Manage to add a new
domain or edit and existing domain.
Step 5 To add existing groups to this group, enter a search string in the text box and click Find.
Step 6 To add users to the group, enter a search string in the text box and click Find.
Step 7 Select groups and click the Add button to add them to the group.
Step 8 Select users and click the Add button to add them to the group.
Step 9 Click OK to save your changes.
Configuring Cut-through Proxy Authentication
In an enterprise, some users log onto the network by using other authentication mechanisms, such as
authenticating with a web portal (cut-through proxy) or by using a VPN. For example, users with a
Machintosh and Linux client might log in a web portal (cut-through proxy) or by using a VPN.
Therefore, you must configure the Identity Firewall to allow these types of authentication in connection
with identity-based access policies.
The ASA designates users logging in through a web portal (cut-through proxy) as belonging to the
Active Directory domain with which they authenticated. The ASA designates users logging in through
a VPN as belonging to the LOCAL domain unless the VPN is authenticated by LDAP with Active
Directory, then the Identity Firewall can associate the users with their Active Directory domain. The
ASA reports users logging in through VPN authentication or a web portal (cut-through proxy) to the AD
Agent, which distributes the user information to all registered ASA devices.
Users can log in by using HTTP/HTTPS, FTP, Telnet, or SSH. When users log in with these
authentication methods, the following guidelines apply: