Cisco Systems ASA 5580 Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 72 Configuring Clientless SSL VPN
Understanding How KCD Works
Step 1 Under the Server Access Credential section, configure the following:
Username—Define a service account (Active Directory username), such as JohnDoe, that has
been granted the privileges necessary to add computer accounts to the Active Directory domain. The
username does not correspond to a specific administrative user but simply to a user with service-level
privileges. This service account is used by the ASA to add a computer account for itself to the Active
Directory domain at every reboot. You must configure the computer account separately to request
Kerberos tickets on behalf of the remote users.
Note: Administrative privileges are required for the initial join. A user with service-level privileges
on the domain controller will not get access.
Password—Define the password associated with the username (such as Cisco123). The password
does not correspond to a specific password but simply to a service-level password privilege to add a
device on the Windows domain controller.
Step 2 Under the Server Group Configuration section, configure the following:
Reactivation Mode—Click the mode you want to use (Depletion or Timed). In Depletion mode,
failed servers are reactivated only after all of the servers in the group are inactive. In Timed mode,
failed servers are reactivated after 30 seconds of down time. Depletion is the default configuration.
Dead Time—If you choose the Depletion reactivation mode, you must add a dead time interval. The
interval represents the duration of time, in minutes, that elapses between the disabling of the last
server in a group and the subsequent re-enabling of all servers. Ten minutes is the default.
Max Failed Attempts—Set the number of failed connection attempts allowed before declaring a
nonresponsive server to be inactive. Three attempts is the default.
Note: Under the Server Table section, the previously configured DC hostname, ServerHostName, was
automatically applied to the KCD Server configuration (see Figure 72-10).
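
The following Python model is an added example, not code from the Cisco guide or the ASA software. It simulates the Step 2 settings (Reactivation Mode, Dead Time, Max Failed Attempts) as the text describes them, to show how long a server group stays without a usable server in each mode. The class and function names, the server names dc1 and dc2, and the timeline are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

TIMED_REACTIVATION_S = 30  # Timed mode: reactivated after 30 seconds of down time

@dataclass
class Server:
    name: str
    failures: int = 0
    down_since: Optional[float] = None  # None means the server is active

class ServerGroup:
    """Toy model of the Server Group Configuration settings (hypothetical names)."""

    def __init__(self, names, mode="depletion", dead_time_min=10, max_failed_attempts=3):
        self.servers = [Server(n) for n in names]
        self.mode = mode                       # "depletion" (default) or "timed"
        self.dead_time_s = dead_time_min * 60  # Dead Time is configured in minutes
        self.max_failed_attempts = max_failed_attempts

    def record_failure(self, name, now):
        # Assumption: the server is declared inactive on the Nth counted failure.
        srv = next(s for s in self.servers if s.name == name)
        if srv.down_since is None:
            srv.failures += 1
            if srv.failures >= self.max_failed_attempts:
                srv.down_since = now

    def active(self, now):
        """Apply the reactivation rule for the mode, then return active server names."""
        down = [s for s in self.servers if s.down_since is not None]
        if self.mode == "timed":
            revive = [s for s in down if now - s.down_since >= TIMED_REACTIVATION_S]
        elif down and len(down) == len(self.servers):
            # Depletion: the dead time runs from the disabling of the last server.
            last_disabled = max(s.down_since for s in down)
            revive = down if now - last_disabled >= self.dead_time_s else []
        else:
            revive = []  # Depletion: nothing returns while any server is still active
        for s in revive:
            s.failures, s.down_since = 0, None
        return [s.name for s in self.servers if s.down_since is None]

def scenario(mode):
    """Constructed timeline (seconds): dc1 fails at t=0, dc2 fails at t=60."""
    group = ServerGroup(["dc1", "dc2"], mode=mode)
    for _ in range(3):
        group.record_failure("dc1", now=0)
    after_dc1 = group.active(now=45)
    for _ in range(3):
        group.record_failure("dc2", now=60)
    return after_dc1, group.active(now=61), group.active(now=60 + 600)
```

In this model, Depletion mode leaves the group with no active server from t=60 until the ten-minute dead time expires, whereas Timed mode brings dc1 back before dc2 fails.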