5-19
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 5 Identity Firewall
Examples for the Identity Firewall
Collect User Statistics
To activate the collection of user statistics by the Modular Policy Framework and match lookup actions
for the Identity Firewall, perform the following steps:
Procedure
Step 1 Activate the collection of user statistics by the Modular Policy Framework and match lookup actions
for the Identity Firewall.
user-statistics [accounting | scanning]
Example:
hostname(config)# class-map c-identity-example-1
hostname(config-cmap)# match access-list identity-example-1
hostname(config-cmap)# exit
hostname(config)# policy-map p-identity-example-1
hostname(config-pmap)# class c-identity-example-1
hostname(config-pmap)# user-statistics accounting
hostname(config-pmap)# exit
hostname(config)# service-policy p-identity-example-1 interface outside
The accounting keyword specifies that the ASA collect the sent packet count, sent drop count, and
received packet count. The scanning keyword specifies that the ASA collect only the sent drop count.
When you configure a policy map to collect user statistics, the ASA collects detailed statistics for
selected users. When you specify the user-statistics command without the accounting or scanning
keywords, the ASA collects both accounting and scanning statistics.
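As an added example that is not from the Cisco guide, the Python script below parses a CLI session like the one above (the prompt format and command syntax are assumed from that excerpt), resolves which class-map and access list each policy references, and reports per interface which user-statistics counters are collected, flagging a policy-map or class that is referenced but never defined. The counter names are labels chosen here, not ASA output.

```python
import re

# Counters each keyword enables, per the guide text; no keyword means both.
ACCOUNTING, SCANNING = {"sent_packets", "sent_drops", "received_packets"}, {"sent_drops"}
STATS_BY_KEYWORD = {"accounting": ACCOUNTING, "scanning": SCANNING, None: ACCOUNTING | SCANNING}
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # strips "hostname(config-pmap)# "

def audit_user_statistics(config):
    # Returns ({interface: {class: {"acl": name, "stats": set}}}, [problems]).
    class_acl, policies, bound = {}, {}, {}
    mode = current = pclass = None
    for raw in config.splitlines():
        cmd, *args = PROMPT.sub("", raw.strip()).split() or [""]
        if cmd == "class-map":
            mode, current = "cmap", args[0]
            class_acl.setdefault(current, None)  # defined even without a match line
        elif cmd == "match" and mode == "cmap" and args[:1] == ["access-list"]:
            class_acl[current] = args[1]
        elif cmd == "policy-map":
            mode, current, pclass = "pmap", args[0], None
            policies.setdefault(current, {})
        elif cmd == "class" and mode == "pmap":
            pclass = args[0]
        elif cmd == "user-statistics" and mode == "pmap" and pclass:
            policies[current][pclass] = args[0] if args else None  # None = both sets
        elif cmd == "service-policy" and len(args) == 3 and args[1] == "interface":
            bound[args[2]] = args[0]
    report, problems = {}, []
    for iface, pmap in bound.items():
        report[iface] = {}
        if pmap not in policies:
            problems.append(f"{iface}: policy-map {pmap} is not defined")
        for cls, kw in policies.get(pmap, {}).items():
            if cls not in class_acl:
                problems.append(f"{pmap}: class {cls} has no class-map")
            report[iface][cls] = {"acl": class_acl.get(cls),
                                  "stats": STATS_BY_KEYWORD.get(kw, set())}
    return report, problems

# Constructed input: the session from the guide's example, pasted as typed.
SAMPLE = """\
hostname(config)# class-map c-identity-example-1
hostname(config-cmap)# match access-list identity-example-1
hostname(config-cmap)# exit
hostname(config)# policy-map p-identity-example-1
hostname(config-pmap)# class c-identity-example-1
hostname(config-pmap)# user-statistics accounting
hostname(config-pmap)# exit
hostname(config)# service-policy p-identity-example-1 interface outside
"""
```

Calling `audit_user_statistics(SAMPLE)` returns the per-interface report for `outside` and an empty problem list; pasting a `show running-config` excerpt without prompts works the same way.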
Examples for the Identity Firewall
This section provides examples for the Identity Firewall.
• AAA Rule and Access Rule Example 1, page 5-19
• AAA Rule and Access Rule Example 2, page 5-20
• VPN Filter Example, page 5-20
AAA Rule and Access Rule Example 1
This example shows a typical cut-through proxy configuration to allow a user to log in through the ASA.
In this example, the following conditions apply:
• The ASA IP address is 172.1.1.118.
• The Active Directory domain controller has the IP address 71.1.2.93.
• The end-user client has the IP address 172.1.1.118 and uses HTTPS to log in through a web portal.
• The user is authenticated by the Active Directory domain controller via LDAP.
• The ASA uses the inside interface to connect to the Active Directory domain controller on the
corporate network.