Cisco ASA for Nexus 1000V Series Switch Technical Manual

ASA 8.0: Configure LDAP Authentication for WebVPN Users
Document ID: 98625
Contents
Introduction
Prerequisites
Background Information
Configure LDAP Authentication
      ASDM
      Command Line Interface
Perform Multi-Domain Searches (Optional)
Verify
      Test with ASDM
      Test with CLI
Troubleshoot
Related Information
Introduction
This document demonstrates how to configure the Cisco Adaptive Security Appliance (ASA) to use an LDAP
server for authentication of WebVPN users. The LDAP server in this example is Microsoft Active Directory.
This configuration is performed with Adaptive Security Device Manager (ASDM) 6.0(2) on an ASA that runs
software version 8.0(2).
Note: In this example Lightweight Directory Access Protocol (LDAP) authentication is configured for
WebVPN users, but this configuration can be used for all other types of remote access clients as well. Simply
assign the AAA server group to the desired connection profile (tunnel group), as shown.
Prerequisites
A basic VPN configuration is required. In this example WebVPN is used.
Background Information
In this example, the ASA checks with an LDAP server in order to verify the identity of users that it
authenticates. This process does not work like a traditional Remote Authentication Dial-In User Service
(RADIUS) or Terminal Access Controller Access-Control System Plus (TACACS+) exchange. These steps
explain, at a high level, how the ASA uses an LDAP server in order to check user credentials.
1. The user initiates a connection to the ASA.
2. The ASA is configured to authenticate that user with the Microsoft Active Directory (AD)/LDAP
   server.
3. The ASA binds to the LDAP server with the credentials configured on the ASA (admin in this case),
   and looks up the provided username. The admin user also obtains the appropriate credentials to list
   contents within Active Directory. Refer to http://support.microsoft.com/?id=320528 for more
   information about how to grant LDAP query privileges.