Cisco Cisco Web Security Appliance S690 Guía Del Usuario
10-19
AsyncOS 10.0 for Cisco Web Security Appliances User Guide
Chapter 10 Create Policies to Control Internet Requests
Remote Users
How to Configure Identification of Remote Users
Configuring Identification of Remote Users
Step 1
Security Services > AnyConnect Secure Mobility, and click Enable.
Step 2
Read the terms of the AnyConnect Secure Mobility License Agreement, and click Accept.
Step 3
Configure how to identify remote users.
Step 4
Submit and Commit Changes.
Task
Further information
1.
Configure identification of remote users.
2.
Create an identity for remote users.
a.
In the “Define Members by User Location”
section, select Remote Users Only.
section, select Remote Users Only.
b.
In the “Define Members by Authentication”
section, select “Identify Users Transparently
through Cisco ASA Integration.”
section, select “Identify Users Transparently
through Cisco ASA Integration.”
3.
Create a policy for remote users.
Option
Description
Additional Steps
IP Address
Specify a range of IP addresses
that the appliance should consider
as assigned to remote devices.
that the appliance should consider
as assigned to remote devices.
1.
Enter a range of IP addresses in the IP Range
field.
field.
2.
Go to step 4
Cisco ASA
Integration
Integration
Specify one or more Cisco ASA
the Web Security appliance
communicates with. The Cisco
ASA maintains an IP
address-to-user mapping and
communicates that information
with the Web Security appliance.
When the Web Proxy receives a
transaction, it obtains the IP
address and determines the user
by checking the IP
address-to-user mapping. When
users are determined by
integrating with a Cisco ASA,
you can enable single sign-on for
remote users.
the Web Security appliance
communicates with. The Cisco
ASA maintains an IP
address-to-user mapping and
communicates that information
with the Web Security appliance.
When the Web Proxy receives a
transaction, it obtains the IP
address and determines the user
by checking the IP
address-to-user mapping. When
users are determined by
integrating with a Cisco ASA,
you can enable single sign-on for
remote users.
1.
Enter the Cisco ASA host name or IP address.
2.
Enter the port number used to access the ASA.
The default port number for the Cisco ASA is
11999.
The default port number for the Cisco ASA is
11999.
3.
If multiple Cisco ASA are configured in a
cluster, click Add Row and configure each
ASA in the cluster.
cluster, click Add Row and configure each
ASA in the cluster.
Note
If two Cisco ASA are configured for high
availability, enter only one host name or IP
address for the active Cisco ASA.
availability, enter only one host name or IP
address for the active Cisco ASA.
4.
Enter the access passphrase for the Cisco ASA.
Note
The passphrase you enter here must match
the access passphrase configured for the
specified Cisco ASA.
the access passphrase configured for the
specified Cisco ASA.
5.
Optional, click Start Test to verify the Web
Security appliance can connect to the
configured Cisco ASA.
Security appliance can connect to the
configured Cisco ASA.