Cisco ASA Series Cli Configuration Manual page 546

Software version 9.0 for the services module

Hide thumbs Also See for ASA Series:

Configuration manual (429 pages)

Getting started (31 pages)

Mount and connect (12 pages)

Table of Contents

Configuring Objects

The ASA sends an LDAP query to the Active Directory server for user groups globally defined in the

Active Directory domain controller. The ASA imports these groups for identity-based rules. However,

the ASA might have localized network resources that are not defined globally that require local user

groups with localized security policies. Local user groups can contain nested groups and user groups that

are imported from Active Directory. The ASA consolidates local and Active Directory groups.

A user can belong to local user groups and user groups imported from Active Directory.

Prerequisites

Detailed Steps

object-group user user_group_name

hostname(config)# object-group user users1

Add one or more of the following group members:

user domain_NetBIOS_name\user_name

hostname(config-user-object-group)# user

SAMPLE\users1

group-object group_id

hostname(config-network)# group-object

Engineering_groups

description text

hostname(config-protocol)# description New

Cisco ASA Series CLI Configuration Guide

Chapter 1, "Configuring the Identity Firewall,"

to enable IDFW.

Defines object groups that you can use to control access with the

Identity Firewall.

Specifies the user to add to the access rule.

The user_name can contain any character including [a-z], [A-Z],

[0-9], [!@#$%^&()-_{}. ]. If domain_NetBIOS_name\user_name

contains a space, you must enclose the domain name and user

name in quotation marks.

The user_name can be part of the LOCAL domain or a user

imported by the ASA from Active Directory domain.

If the domain_NetBIOS_name is associated with a AAA server,

the user_name must be the Active Directory sAMAccountName,

which is unique, instead of the common name (cn), which might

not be unique.

The domain_NetBIOS_name can be LOCAL or the actual domain

name as specified in user-identity domain

domain_NetBIOS_name aaa-server aaa_server_group_tag

Adds an existing object group under this object group. The nested

group must be of the same type.

(Optional) Adds a description. The description can be up to 200

Configuring Objects

Show Quick Links

Chapters

Table of Contents

Troubleshooting

Cisco ASA Series Cli Configuration Manual page 546

Hide quick links:

Chapters

Troubleshooting

Related Manuals for Cisco ASA Series

Related Products for Cisco ASA Series

This manual is also suitable for:

Table of Contents