Cisco Systems ASA 5580 Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 39 Configuring the Identity Firewall
Task Flow for Configuring the Identity Firewall
Configuring Active Directory Agent Groups
Configure the primary and secondary AD Agents for the AD Agent Server Group. When the ASA detects
that the primary AD Agent is not responding and a secondary agent is specified, the ASA switches to
the secondary AD Agent. The Active Directory server for the AD Agent uses RADIUS as the communication
protocol; therefore, you should specify a key attribute for the shared secret between the ASA and the AD Agent.
To configure the AD Agent Groups, perform the following steps:
Step 1 From the Configure Active Directory Agents dialog, click Add. The Add Active Directory Agent Group
dialog box appears.
Step 2 Enter a name for the AD Agent group.
Step 3 From the Primary Active Directory Agent section, specify the interface on which the ASA listens for
traffic from the AD Agent server, and enter the FQDN or IP address of the server.
Step 4 In the Primary Active Directory Agent section, enter the timeout interval and the retry interval that
the ASA uses when it keeps trying to contact an AD Agent that is not responding.
Step 5 Enter the shared secret key that is used between the primary AD Agent and the ASA.
Step 6 From the Secondary Active Directory Agent section, specify the interface on which the ASA listens for
traffic from the AD Agent server, and enter the FQDN or IP address of the server.
Step 7 In the Secondary Active Directory Agent section, enter the timeout interval and the retry interval that
the ASA uses when it keeps trying to contact an AD Agent that is not responding.
Step 8 Enter the shared secret key that is used between the secondary AD Agent and the ASA.
Step 9 Click OK to save your changes.
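For reference, the ASA CLI counterpart of Steps 1 through 9, added here as an example and not taken from this manual page. The group name adagent, the interface name inside, the 192.0.2.x addresses, the timer values, and the key placeholders are assumptions; substitute your own values.

```cisco
! Added example: CLI equivalent of the ASDM AD Agent group procedure.
! Group name, interface, addresses, timers and keys are placeholders.

! Steps 1-2: create the AD Agent server group (RADIUS) and mark it as an AD Agent group
aaa-server adagent protocol radius
 ad-agent-mode

! Steps 3-5: primary AD Agent (the first host entered in the group is tried first)
aaa-server adagent (inside) host 192.0.2.10
 timeout 10
 retry-interval 3
 key <PRIMARY-SHARED-SECRET>

! Steps 6-8: secondary AD Agent, used when the primary stops responding
aaa-server adagent (inside) host 192.0.2.11
 timeout 10
 retry-interval 3
 key <SECONDARY-SHARED-SECRET>

! Bind the Identity Firewall to the AD Agent group
user-identity ad-agent aaa-server adagent

! Verify that the ASA can reach the AD Agent with the configured secret
test aaa-server ad-agent adagent
show user-identity ad-agent
```

The RADIUS shared secret is the only thing authenticating the AD Agent to the ASA, so use a long random value and a different one for each agent.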
What to Do Next
Configure access rules for the Identity Firewall. See Configuring Identity-based Access Rules, page 19.