Cisco Support Community
Community Member

Using LDAP group to authenticate users from inside network to Internet

Hi team, I have an ASA 5510 version 7.2.3 and I need to authenticate my users from the inside network to the Internet using a security group in Active Directory. Can anyone help me with this?

6 REPLIES
Silver

Re: using LDAP group to authenticate users from inside network to

To configure the security appliance for LDAP (Lightweight Directory Access Protocol) authentication and authorization, you must first create an LDAP attribute map which maps customer-defined attribute names to Cisco LDAP attribute names. This prevents you from having to rename your existing attributes using the Cisco names that the security appliance understands.

For more information on configuring LDAP, refer to:

http://www.cisco.com/en/US/docs/security/asa/asa71/asdm51/selected_procedures/asdmldap.html

Community Member

Re: using LDAP group to authenticate users from inside network to

The case that you sent me is for VPN USERS authentication and authorization, and my issue is using the LDAP server for authentication and authorization of INSIDE NETWORK USERS, using for example the attributes of my AD like memberOf that can be understood by the security appliances.

Community Member

Re: using LDAP group to authenticate users from inside network to

Right Luis, I have the same issue. I want to authenticate groups in AD to give them some authorizations, like URL filtering. I am trying with the CSC module.

Can I?

Community Member

Re: using LDAP group to authenticate users from inside network to

I'm not sure. The recommendation that the Cisco TAC team sent me was to buy an ACS server license to solve my issue. About URL filtering, I'm thinking about Websense solutions; it costs $19 per user and works very well on Cisco ASA.

Cheers!

Community Member

Re: using LDAP group to authenticate users from inside network to

Thanks Luis.

Is Websense for blocking my LAN users using an LDAP profile?

Do you know if I can use the CSC SSM module?

Community Member

Re: using LDAP group to authenticate users from inside network to

This might not be complete for your needs, but it may give you enough of what you need without having to purchase full URL filtering, etc.

Authenticate with LDAP as shown earlier in this thread, then use this AAA LDAP with cut-through proxy -

PIX/ASA : Cut-through Proxy for Network Access using TACACS+ and RADIUS Server Configuration Example

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml

then do some filtering -

ASA/PIX 8.x: Block Certain Websites (URLs) Using Regular Expressions With MPF Configuration Example

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml
