ASA 5500 - AD Support

majdalani
Level 1

Hi,

Does ASA 5500 support Active Directory? By this I mean, can I create outbound rules that authenticate users from AD?

9 Replies

m.volodko
Level 1

Hello,

I believe that you can use the IAS service from Windows Server for this. ASA supports the RADIUS protocol, so it will look like ASA->RADIUS->AD.

Hi, thanks for your reply.

One question: can I install IAS on my DC?

So that the RADIUS server will be the same as the DC server?

If IAS is installed on a DC, will RADIUS be able to look up users from the AD?

Hello,

Yes.

Yes.

Yes.

It definitely works; I did the same when implementing dot1x.

Thanks, I just found this: http://support.microsoft.com/kb/317588

Will check it, and if I have any questions, I will report back. Thanks.

Hi,

Do you have any article on how to configure ASA 5500 to use RADIUS in its outbound rules authentication?

Hello,

If you are using RADIUS behind the outside interface, you have to specify it like:

ciscoasa(config)# aaa-server RADserver (outside) host 10.10.10.10

I want to authenticate my internal users, so that based on the authentication, they go through Rule #1 or Rule #2 in the Cisco ASA.

At this stage, I am not intending to authenticate VPN (remote users).

I need to authenticate internal users.

Let's say I want to create the following rules:

rule 1: allow > protocols > from internal > to external > groupA

rule 2: allow > protocols > from internal > to external > groupB

Is this possible?

Mmm, I would prefer if there is an article that illustrates how to do it with the GUI (PDM), as I am a guy who is used to working with GUI stuff :)

Thanks, will check it.
