Cisco Cisco ASA 5505 Adaptive Security Appliance Manuale Tecnico
Next−Generation Firewall (CX) Active Directory
Integration Configuration Example
Integration Configuration Example
Document ID: 117377
Contributed by Jay Johnston, Prapanch Ramamoorthy, and Kevin Klous,
Cisco TAC Engineers.
Jan 30, 2014
Cisco TAC Engineers.
Jan 30, 2014
Contents
Introduction
Prerequisites
Requirements
Components Used
Configure
The Realm Configuration
Example
The Directory Configuration
Example
Determine the User Search Base
Determine the Group Search Base
Determine the Distinguished Name of Other Objects in Active Directory − ADSI Edit
Verify
Verify the Network Connectivity to the Active Directory Server
Verify the User and Group Lookup with the Active Directory
Troubleshoot
DNS Configuration Problems Cause Active Directory Integration to Fail
Network Connectivity Problems Between the Next−Generation Firewall and the Active Directory Server
Related Information
Prerequisites
Requirements
Components Used
Configure
The Realm Configuration
Example
The Directory Configuration
Example
Determine the User Search Base
Determine the Group Search Base
Determine the Distinguished Name of Other Objects in Active Directory − ADSI Edit
Verify
Verify the Network Connectivity to the Active Directory Server
Verify the User and Group Lookup with the Active Directory
Troubleshoot
DNS Configuration Problems Cause Active Directory Integration to Fail
Network Connectivity Problems Between the Next−Generation Firewall and the Active Directory Server
Related Information
Introduction
This document describes how to determine the appropriate Lightweight Directory Access Protocol (LDAP)
User and Group search information when you configure the Next−Generation Firewall (CX or Context
Firewall) with Prime Security Manager (PRSM) for Identity features. When you configure identity policies
within PRSM, if the Directory User and Group search base information is not entered correctly, the device
will not be able to correctly look up User and Group information and some policies might fail to apply
correctly. This document guides the user through the determination of the correct User and Group search
information for an Active Directory policy and shows how to confirm if the CX can successfully perform
User and Group searches.
User and Group search information when you configure the Next−Generation Firewall (CX or Context
Firewall) with Prime Security Manager (PRSM) for Identity features. When you configure identity policies
within PRSM, if the Directory User and Group search base information is not entered correctly, the device
will not be able to correctly look up User and Group information and some policies might fail to apply
correctly. This document guides the user through the determination of the correct User and Group search
information for an Active Directory policy and shows how to confirm if the CX can successfully perform
User and Group searches.
Prerequisites
Requirements
There are no specific requirements for this document.