Using LDAP group to authenticate users from inside network to Internet

Apr 24th, 2008

Hi team, I have an ASA 5510 version 7.2.3 and I need to authenticate my users from the inside network to the Internet using a security group in Active Directory. Can anyone help me with this?

smahbub Wed, 04/30/2008 - 11:56

To configure the security appliance for LDAP (Lightweight Directory Access Protocol) authentication and authorization, you must first create an LDAP attribute map which maps customer-defined attribute names to Cisco LDAP attribute names. This prevents you from having to rename your existing attributes using the Cisco names that the security appliance understands.


For more information on configuring LDAP, refer to:

http://www.cisco.com/en/US/docs/security/asa/asa71/asdm51/selected_procedures/asdmldap.html



luisborges Wed, 04/30/2008 - 15:23

The case that you sent me is for VPN USERS authentication and authorization, and my issue is using the LDAP server for authentication and authorization of INSIDE NETWORK USERS, using for example the attributes of my AD, like memberOf, that can be understood by the security appliance.

yussetamayo Fri, 06/27/2008 - 07:53

Right Luis, I have the same issue. I want to authenticate groups in AD to give them some authorizations, like URL filtering. I am trying with the CSC module.

Can i?

luisborges Fri, 06/27/2008 - 21:33

I'm not sure; the recommendation that the Cisco TAC team sent me was to buy an ACS server license to solve my issue. About URL filtering, I'm thinking about Websense solutions; it costs $19 per user and works very well on Cisco ASA.


Cheers!

yussetamayo Sat, 06/28/2008 - 05:44

Thanks Luis.

Is Websense for blocking my LAN users using an LDAP profile???


Do you know if I can use the CSC SSM module??

GRAEME DANIELSON Sun, 06/29/2008 - 05:34

This might not be complete for your needs but it may give you enough of what you need without having to purchase full url filtering etc.


Authenticate with LDAP as shown earlier in this thread, then use this AAA LDAP server with cut-through proxy:


PIX/ASA : Cut-through Proxy for Network Access using TACACS+ and RADIUS Server Configuration Example

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml


Then do some filtering:


ASA/PIX 8.x: Block Certain Websites (URLs) Using Regular Expressions With MPF Configuration Example

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml
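The two steps above (LDAP-backed cut-through proxy for inside-to-Internet HTTP, then regex URL blocking with MPF) combined into one ASA configuration. This is an added example, not taken from the thread or the linked Cisco documents; the server address, DNs, names, subnet and blocked domain are placeholders. Note that this authenticates the user against AD but does not restrict access by memberOf group, which is the part of the original question the thread leaves open.

```cisco
! --- LDAP server definition (placeholder host and DNs) ---
aaa-server AD_LDAP protocol ldap
aaa-server AD_LDAP (inside) host 10.1.1.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=svc-asa,CN=Users,DC=example,DC=com
 ldap-login-password REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD
 server-type microsoft
!
! --- Cut-through proxy: inside hosts must authenticate before HTTP out ---
access-list AUTH_TRAFFIC extended permit tcp 192.168.1.0 255.255.255.0 any eq www
aaa authentication match AUTH_TRAFFIC inside AD_LDAP
!
! --- Regex URL blocking with MPF (placeholder domain) ---
regex BLOCKED_DOMAIN "badsite\.example\.com"
!
class-map type regex match-any BLOCKED_URLS
 match regex BLOCKED_DOMAIN
!
class-map type inspect http match-all BLOCK_HTTP
 match request header host regex class BLOCKED_URLS
!
policy-map type inspect http HTTP_INSPECT
 parameters
 class BLOCK_HTTP
  drop-connection log
!
class-map HTTP_TRAFFIC
 match port tcp eq www
!
policy-map INSIDE_POLICY
 class HTTP_TRAFFIC
  inspect http HTTP_INSPECT
!
service-policy INSIDE_POLICY interface inside
```

Use `show uauth` to see which inside hosts have authenticated and `show service-policy inspect http` to confirm the drop counters increment when a blocked host header is seen.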

