Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
314
Views
0
Helpful
1
Replies

Active Directory Authentication

Go to solution
tgillon
Level 1
Level 1

‎12-10-2013 06:57 AM - edited ‎03-11-2019 08:15 PM

Hello,

Currently, to allow staff to access restricted websites from the internet, I obtain their home IP address and enable an access rule to allow them to access that website.  Unfortunately, their home IP addresses are dynamic and change periodically.  I'm looking into allowing them access through my ASA based on their Active Directory credentials.

Under Identity Options in ASDM, I added an entry for my DC and when I click Test and enter credentials, the test is successful.  So, under Access Rules, I modify the rule to allow any access from the internet, but I add certain users from AD.  It doesn't work, however.

I'm not sure what I'm missing.  I looked at the Identity Firewall documentation, but I'm not sure I need an AD Agent, it doesn't seem to be what I need for this scenario.  Does anyone have any ideas or a link they can point me to?  I have been searching, but I can't seem to find what I'm looking for.

Thanks in advance!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎12-10-2013 09:07 AM

Hello,

Yes, you will need the AD agent to run Identity Firewall.

You could also use Cut-Through Proxy for HTTP/HTTPS traffic and using LDAP for the authentication part.

That should do it bud.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎12-10-2013 09:07 AM

Hello,

Yes, you will need the AD agent to run Identity Firewall.

You could also use Cut-Through Proxy for HTTP/HTTPS traffic and using LDAP for the authentication part.

That should do it bud.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card