Cisco ASA 5540 User Manual

2164 pages
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring the Identity Firewall
Task Flow for Configuring the Identity Firewall
What to Do Next
Configure AD Agents. See Configuring Active Directory Agents, page 1-12.
Configuring Active Directory Agents
Configure the primary and secondary AD Agents for the AD Agent Server Group. When the ASA detects
that the primary AD Agent is not responding and a secondary agent is specified, the ASA switches to
the secondary AD Agent. The Active Directory server for the AD agent uses RADIUS as the communication
protocol; therefore, you should specify a key attribute for the shared secret between the ASA and the AD Agent.
Requirement
• AD agent IP address
• Shared secret between ASA and AD agent
To configure the AD Agents, perform the following steps:
Step 1
Command: hostname(config)# aaa-server server-tag protocol radius
Example: hostname(config)# aaa-server adagent protocol radius
Purpose: Creates the AAA server group and configures AAA server parameters for the AD Agent.

Step 1
Command: hostname(config)# ad-agent-mode
Purpose: Enables the AD Agent mode.

Step 2
Command: hostname(config-aaa-server-group)# aaa-server server-tag [(interface-name)] host {server-ip | name} [key] [timeout seconds]
Example: hostname(config-aaa-server-group)# aaa-server adagent (inside) host 192.168.1.101
Purpose: For the AD Agent, configures the AAA server as part of a AAA server group and the AAA server parameters that are host-specific.

Step 3
Command: hostname(config-aaa-server-host)# key key
Example: hostname(config-aaa-server-host)# key mysecret
Purpose: Specifies the server secret value used to authenticate the ASA to the AD Agent server.

Step 4
Command: hostname(config-aaa-server-host)# user-identity ad-agent aaa-server aaa_server_group_tag
Example: hostname(config-aaa-server-host)# user-identity ad-agent aaa-server adagent
Purpose: Defines the server group of the AD Agent.
The first server defined in the aaa_server_group_tag variable is the primary AD Agent and the second server defined is the secondary AD Agent.
The Identity Firewall supports defining only two AD-Agent hosts.
When the ASA detects that the primary AD Agent is down and a secondary agent is specified, it switches to the secondary AD Agent. The aaa-server for the AD agent uses RADIUS as the communication protocol, and should specify a key attribute for the shared secret between the ASA and the AD Agent.

Step 5
Command: hostname(config-aaa-server-host)# test aaa-server ad-agent
Purpose: Tests the communication between the ASA and the AD Agent server.
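
The following Python check is an added example, not part of the Cisco manual: it audits a saved configuration script for the AD Agent settings this procedure calls for (a RADIUS server group, ad-agent-mode, one or two hosts, a shared secret on each host). It assumes the commands are stored one per line without CLI prompts; the names audit_ad_agent and EXAMPLE_KEYS, the deny-list of sample keys, and the sample text are constructed for illustration.

```python
import re

GROUP = re.compile(r"aaa-server (\S+) protocol (\S+)$")  # command shapes from the steps above
HOST = re.compile(r"aaa-server (\S+) (?:\(\S+\) )?host (\S+)(?: (?!timeout\b)(\S+))?")
BIND = re.compile(r"user-identity ad-agent aaa-server (\S+)$")
EXAMPLE_KEYS = {"mysecret"}  # the manual's sample key; this deny-list is an assumption

def audit_ad_agent(config):
    """Return a list of findings for the AD Agent settings in `config`."""
    groups, hosts, bound, group, host = {}, [], None, None, None
    for line in map(str.strip, config.splitlines()):
        if m := GROUP.match(line):
            group = groups.setdefault(m[1], {"protocol": m[2], "ad_mode": False})
        elif line == "ad-agent-mode" and group is not None:
            group["ad_mode"] = True  # applies to the group created last
        elif m := HOST.match(line):
            hosts.append(host := {"group": m[1], "addr": m[2], "key": m[3]})
        elif line.startswith("key ") and host is not None:
            host["key"] = line.split(None, 1)[1]  # key entered in host sub-mode
        elif m := BIND.match(line):
            bound = m[1]
    if bound is None or bound not in groups:
        return ["no defined server group is bound with user-identity ad-agent"]
    findings, agents = [], [h for h in hosts if h["group"] == bound]
    if groups[bound]["protocol"].lower() != "radius":
        findings.append(f"group {bound}: protocol is not radius")
    if not groups[bound]["ad_mode"]:
        findings.append(f"group {bound}: ad-agent-mode not enabled")
    if len(agents) == 1:
        findings.append(f"group {bound}: no secondary AD Agent, so no failover")
    elif len(agents) != 2:
        findings.append(f"group {bound}: {len(agents)} AD Agent hosts, expected one or two")
    for h in agents:
        if not h["key"]:
            findings.append(f"{h['addr']}: no shared secret (key) configured")
        elif h["key"] in EXAMPLE_KEYS:
            findings.append(f"{h['addr']}: shared secret is a documentation example")
    return findings

# Constructed input: the page's own example values entered as one script.
SAMPLE = """\
aaa-server adagent protocol radius
ad-agent-mode
aaa-server adagent (inside) host 192.168.1.101
key mysecret
user-identity ad-agent aaa-server adagent
"""

if __name__ == "__main__":
    print("\n".join(audit_ad_agent(SAMPLE)))
```

On the sample, which reuses the manual's example values, the check reports the missing secondary agent and the reused sample key.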

Cisco ASA 5540 Specifications

General
Firewall Throughput: 650 Mbps
Maximum Firewall Connections: 400,000
VPN Throughput: 225 Mbps
Maximum VPN Peers: 5,000
High Availability: Active/Active, Active/Standby
IPSec VPN Throughput: 225 Mbps
Memory: 1 GB
IPS Throughput: 225 Mbps
Security Contexts: 50
Flash Memory: 64 MB
Form Factor: 1U
Power Supply: Dual
Interfaces: 4 x 10/100/1000 Ethernet