Cisco Web Security Appliance S170 User Guide
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 14 Achieving Secure Mobility
Transparently Identifying Remote Users
Step 4
To identify remote users by IP address, select the IP Range option, enter a range of IP addresses in the
IP Range field, and then go to step . Otherwise, go to step .
Step 5
To identify remote users by integrating with one or more Cisco adaptive security appliances, select the
Cisco ASA Integration option.
Step 6
Configure at least one Cisco adaptive security appliance by entering the Cisco adaptive security
appliance host name or IP address in the ASA Host Name or IP Address field, and the port number used
to access the ASA in the Port field. The default port number for the Cisco ASA is 11999.
Step 7
If multiple Cisco adaptive security appliances are configured in a cluster, click Add Row and configure
each ASA in the cluster. If two Cisco adaptive security appliances are configured for high availability,
enter only one host name or IP address for the active Cisco adaptive security appliance.
Step 8
In the ASA Access Password field, enter the access password for the Cisco adaptive security appliances
specified in steps and . The access password must be at least eight characters, and no more than 20
characters. The allowed characters are:
0-9 a-z A-Z . , : ; _ / -
Note
The password you enter here must match the access password configured for the specified Cisco
adaptive security appliances.
Step 9
Optionally, click Start Test to verify the Web Security appliance can connect to the configured Cisco
adaptive security appliances.
Step 10
Submit and commit your changes.
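The following pre-flight check is an added example, not part of the Cisco guide or of AsyncOS: it validates the values entered in Steps 6 through 8 before they are provisioned on both the ASA and the Web Security appliance, and reports exactly which password characters fall outside the allowed set. The host name pattern and the 1-65535 port range are assumptions; only the default port, the 8 to 20 character length and the character set come from the steps above.

```python
import ipaddress
import re

DEFAULT_ASA_PORT = 11999  # default port stated in Step 6
# Step 8 character set: 0-9 a-z A-Z . , : ; _ / -
ALLOWED = set("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.,:;_/-")
# Assumption: RFC 1123 style host names; the guide does not define a host name rule.
LABEL = r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"(?=.{{1,253}}$){LABEL}(\.{LABEL})*")


def check_password(password):
    """Return a list of problems with the ASA access password (empty list = OK)."""
    problems = []
    if not 8 <= len(password) <= 20:
        problems.append(f"length {len(password)} is outside 8-20")
    bad = sorted(set(password) - ALLOWED)
    if bad:
        problems.append("disallowed characters: " + " ".join(repr(c) for c in bad))
    return problems


def check_asa_row(host, port=DEFAULT_ASA_PORT):
    """Validate one 'ASA Host Name or IP Address' / 'Port' row."""
    problems = []
    try:
        ipaddress.ip_address(host)
    except ValueError:
        # Digits and dots only means a malformed IPv4 address, not a host name.
        if re.fullmatch(r"[0-9.]+", host) or not HOSTNAME_RE.fullmatch(host):
            problems.append(f"{host!r} is not an IP address or host name")
    if not (isinstance(port, int) and 1 <= port <= 65535):
        problems.append(f"port {port!r} is not in 1-65535")
    return problems


def preflight(rows, password):
    """Check every ASA row plus the shared access password; return only findings."""
    findings = {f"{host}:{port}": check_asa_row(host, port) for host, port in rows}
    findings["password"] = check_password(password)
    return {item: problems for item, problems in findings.items() if problems}


if __name__ == "__main__":
    # Constructed sample values, not taken from the guide.
    rows = [("asa1.example.com", DEFAULT_ASA_PORT), ("192.0.2.10", 70000)]
    for item, problems in preflight(rows, "S3cure!pass word").items():
        print(item, "->", "; ".join(problems))
```

Running the check before setting the password on the ASA avoids choosing a value that the Web Security appliance's ASA Access Password field cannot accept, which would leave the two sides unable to match.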
Transparently Identifying Remote Users
When the Web Security appliance integrates with a Cisco adaptive security appliance, you can configure
it to identify users by an authenticated user name transparently—that is, without prompting the end user.
You might want to do this to achieve single sign-on for remote users.
Note
You can also identify users transparently using Novell eDirectory and Active Directory. For more
information, see .
Step 1
Enable Secure Mobility on the Security Services > AnyConnect Secure Mobility page.
For more information, see
.
Step 2
Create an Identity group that applies to remote users:
a. In the “Define Members by User Location” section, select Remote Users Only.
b. In the “Define Members by Authentication” section, select “Identify Users Transparently through Cisco ASA Integration.”
c. Configure all other Identity options as desired.
For more information on creating Identities, see
Step 3
Create policies that use the Identity for remote users.