Cisco Systems ASA 5555-X Network Router User Manual


 
25-20
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 25 Configuring the ASA for Cisco Cloud Web Security
Configuration Examples for Cisco Cloud Web Security
 parameters
  default user user1 group group1
  https
 class whiteListCmap
  whitelist
After creating this inspect policy, attach it to the policy map to be assigned to the service group:
policy-map pmap
 class web
  inspect scansafe ss fail-close
 class https
  inspect scansafe ss2 fail-close
Then attach the policy map to a service policy to put it into effect globally or on a specific ASA interface:
service-policy pmap interface inside
Directory Integration Examples
This section contains various example configurations for directory integration. See also Chapter 38,
“Configuring the Identity Firewall,” in the general operations configuration guide.
Configuring the Active Directory Server Using LDAP, page 25-20
Configuring the Active Directory Agent Using RADIUS, page 25-21
Creating the ASA as a Client on the AD Agent Server, page 25-21
Creating a Link Between the AD Agent and DCs, page 25-21
Testing the AD Agent, page 25-21
Configuring the Identity Options on the ASA, page 25-21
Configuring the User Identity Options and Enabling Granular Reporting, page 25-21
Monitoring the Active Directory Groups, page 25-22
Downloading the Entire Active-User Database from the Active Directory Server, page 25-22
Downloading the Database from the AD Agent, page 25-22
Showing a List of Active Users, page 25-22
Configuring the Active Directory Server Using LDAP
The following example shows how to configure the Active Directory server on your ASA using LDAP:
hostname(config)# aaa-server AD protocol ldap
hostname(config-aaa-server-group)# aaa-server AD (inside) host 192.168.116.220
hostname(config-aaa-server-host)# ldap-base-dn DC=ASASCANLAB,DC=local
hostname(config-aaa-server-host)# ldap-scope subtree
hostname(config-aaa-server-host)# server-type microsoft
hostname(config-aaa-server-host)# server-port 389
hostname(config-aaa-server-host)# ldap-login-dn cn=administrator,cn=Users,dc=asascanlab,dc=local
hostname(config-aaa-server-host)# ldap-login-password Password1
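The LDAP example above binds on port 389 as the built-in administrator account and has no ldap-over-ssl enable line, so the following added example (not part of the Cisco guide) parses aaa-server LDAP host blocks and flags those settings along with a bind password left readable in the text. The finding names and the choice of checks are this example's own assumptions; SAMPLE is the page's example with the wrapped ldap-login-dn line joined.

```python
import re

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")   # interactive prompt prefix
PROTO = re.compile(r"^aaa-server\s+(\S+)\s+protocol\s+(\S+)")
HOST = re.compile(r"^aaa-server\s+(\S+)\s+\(\S+\)\s+host\s+(\S+)")
# The LDAP example from this page (wrapped ldap-login-dn line joined).
SAMPLE = """\
hostname(config)# aaa-server AD protocol ldap
hostname(config-aaa-server-group)# aaa-server AD (inside) host 192.168.116.220
hostname(config-aaa-server-host)# ldap-base-dn DC=ASASCANLAB,DC=local
hostname(config-aaa-server-host)# ldap-scope subtree
hostname(config-aaa-server-host)# server-type microsoft
hostname(config-aaa-server-host)# server-port 389
hostname(config-aaa-server-host)# ldap-login-dn cn=administrator,cn=Users,dc=asascanlab,dc=local
hostname(config-aaa-server-host)# ldap-login-password Password1
"""

def parse_ldap_hosts(text):
    """Return LDAP aaa-server hosts from a CLI transcript or running-config text."""
    protocols, hosts, current = {}, [], None
    for raw in text.splitlines():
        # Host sub-commands are indented (running-config) or typed at the host prompt.
        is_sub = raw.startswith(" ") or "(config-aaa-server-host)#" in raw
        line = PROMPT.sub("", raw.strip())
        if (m := PROTO.match(line)):
            protocols[m.group(1)], current = m.group(2).lower(), None
        elif (m := HOST.match(line)):
            current = {"group": m.group(1), "host": m.group(2), "opts": {}}
            hosts.append(current)
        elif current is not None and is_sub and line:
            key, _, value = line.partition(" ")
            current["opts"][key] = value.strip()
        elif line:
            current = None                      # left the host block
    return [h for h in hosts if protocols.get(h["group"]) == "ldap"]

def audit_ldap_host(entry):
    """Return finding codes (names are this example's own) for one parsed host."""
    opts = entry["opts"]
    first_rdn = opts.get("ldap-login-dn", "").split(",")[0].strip().lower()
    checks = {
        "bind-not-over-tls": opts.get("ldap-over-ssl") != "enable",
        "builtin-administrator-bind": first_rdn == "cn=administrator",
        "password-in-text": bool(opts.get("ldap-login-password", "*").strip("*")),
    }
    return [code for code, hit in checks.items() if hit]

if __name__ == "__main__":
    for host in parse_ldap_hosts(SAMPLE):
        print(host["group"], host["host"], audit_ldap_host(host))
```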