ASA 5500 - AD Support

Unanswered Question
Dec 20th, 2007

Hi,

Does the ASA 5500 support Active Directory? By this I mean, can I create outbound rules that authenticate users from AD?

m.volodko Thu, 12/20/2007 - 06:45

Hello,

I believe that you can use the IAS service from Windows Server for this. ASA supports the RADIUS protocol, well, it will look like ASA->RADIUS->AD.

majdalani Fri, 12/21/2007 - 04:45

Hi, thanks for your reply.

One question: can I install IAS on my DC?

So that the RADIUS server will be the same as the DC server?

If IAS is installed on a DC, will RADIUS be able to look up users from the AD?

m.volodko Fri, 12/21/2007 - 05:45

Hello,

Yes.

Yes.

Yes.

It definitely works; I did the same when implementing dot1x.

majdalani Fri, 12/21/2007 - 06:16

Hi,

Do you have any article on how to configure the ASA 5500 to use RADIUS in its outbound rules authentication?

m.volodko Fri, 12/21/2007 - 06:22

Hello,

If you are using RADIUS behind the outside interface, you have to specify it like:

ciscoasa(config)# aaa-server RADserver (outside) host 10.10.10.10

majdalani Fri, 12/21/2007 - 06:30

I want to authenticate my internal users, so that, based on the authentication, they go through Rule # 1 or Rule # 2 in the Cisco ASA.

At this stage, I am not intending to authenticate VPN (remote users).

I need to authenticate internal users.

Let's say I want to create the following rules:

rule 1 : allow> protocols> from internal > to external > groupA

rule 2 : allow> protocols> from internal > to external > groupB

Is this possible?

majdalani Fri, 12/21/2007 - 09:27

Mmm, I would prefer an article that illustrates how to do it with the GUI (PDM), as I am a guy who is used to working with GUI stuff :)

Thanks, will check it.
