Cisco ASA Series CLI Configuration Manual, page 894

Software version 9.0 for the services module

Chapter 1   Configuring the Identity Firewall
Cisco ASA Series CLI Configuration Guide, 1-14

Task Flow for Configuring the Identity Firewall

Step 1
Command:
hostname(config)# user-identity enable
Purpose:
Enables the Identity Firewall feature.

Step 2
Command:
hostname(config)# user-identity default-domain domain_NetBIOS_name
Example:
hostname(config)# user-identity default-domain SAMPLE
Purpose:
Specifies the default domain for the Identity Firewall.
For domain_NetBIOS_name, enter a name up to 32 characters consisting of [a-z], [A-Z], [0-9], [!@#$%^&()-_=+[]{};,. ] except '.' and ' ' at the first character. If the domain name contains a space, enclose the entire name in quotation marks. The domain name is not case sensitive.
The default domain is used for all users and user groups when a domain has not been explicitly configured for those users or groups. When a default domain is not specified, the default domain for users and groups is LOCAL. In multiple context mode, you can set a default domain name for each context, as well as within the system execution space.
Note: The default domain name you specify must match the NetBIOS domain name configured on the Active Directory domain controller. If the domain name does not match, the AD Agent will incorrectly associate the user identity to IP address mappings with the domain name you enter when configuring the ASA. To view the NetBIOS domain name, open the Active Directory user event security log in any text editor.
The Identity Firewall uses the LOCAL domain for all locally defined user groups and locally defined users. Users logging in through a web portal (cut-through proxy) are designated as belonging to the Active Directory domain with which they authenticated. Users logging in through a VPN are designated as belonging to the LOCAL domain unless the VPN is authenticated by LDAP with Active Directory; in that case the Identity Firewall can associate the users with their Active Directory domain.

Step 3
Command:
hostname(config)# user-identity domain domain_nickname aaa-server aaa_server_group_tag
Example:
hostname(config)# user-identity domain SAMPLE aaa-server ds
Purpose:
Associates the LDAP parameters defined for the AAA server (used for importing user group queries) with the domain name.
For domain_nickname, enter a name up to 32 characters consisting of [a-z], [A-Z], [0-9], [!@#$%^&()-_=+[]{};,. ] except '.' and ' ' at the first character. If the domain name contains a space, you must enclose that space character in quotation marks. The domain name is not case sensitive.
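The three steps above, put together as one configuration session. This is an added example and is not configuration from the Cisco guide: the LDAP AAA server group (ds), its interface, host address, base DN, login DN and password placeholder are constructed prerequisites that this page does not show, and the two show commands at the end are verification steps added here. Replace the constructed values with your own before use.

```cisco
! --- Prerequisite (constructed, not shown on this page): an LDAP AAA server
! --- group pointing at a domain controller, so the Identity Firewall has
! --- somewhere to import user group queries from. Must exist before Step 3.
aaa-server ds protocol ldap
aaa-server ds (inside) host 10.1.1.5
 ldap-base-dn DC=sample,DC=example,DC=com
 ldap-scope subtree
 ldap-login-dn CN=asa-ldap,CN=Users,DC=sample,DC=example,DC=com
 ldap-login-password Use-A-Vaulted-Secret
 server-type microsoft

! --- Step 1: enable the feature.
user-identity enable

! --- Step 2: default domain. This is the NetBIOS domain name (SAMPLE),
! --- not the DNS name (sample.example.com); a mismatch makes the AD Agent
! --- file user-to-IP mappings under the wrong domain.
! --- A NetBIOS name containing a space is quoted as a whole, e.g.
! ---   user-identity default-domain "CORP LAB"
user-identity default-domain SAMPLE

! --- Step 3: bind the domain nickname to the AAA server group from above.
! --- The nickname here matches the default domain so users without an
! --- explicit domain resolve their groups through ds.
user-identity domain SAMPLE aaa-server ds

! --- Verification (added checks): confirm the feature and domain bindings
! --- are in the running configuration and, if an AD Agent is configured,
! --- that the ASA can reach it.
show running-config user-identity
show user-identity ad-agent
```

Keep the aaa-server group definition ahead of Step 3; the user-identity domain command only references an existing group tag. Users and groups defined locally on the ASA are unaffected by this mapping and remain in the LOCAL domain, as the Step 2 purpose text describes.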
