active directory behind asa5505

I have a network which I attached to the message. My Active Directory and DNS are on network 192.168.0.0/24 behind the ASA 5505. My users on network 10.15.100.0/24 need to log on to Active Directory. I changed the password for one user in Active Directory; this user is on network 10.15.100.0/24, but I can't log on with the new password. How do I configure the firewall access policy for login to Active Directory?

thanks

The ASA 5505 configuration is:

ASA Version 8.4(2)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.0.17 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 10.13.74.33 255.255.255.0
!
ftp mode passive
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network server
 host 192.168.0.20
object service ParagrafLex
 service tcp source eq 6190 destination eq 6190
object network sharepoint
 host 192.168.0.22
object network uzzpro
 range 10.13.74.40 10.13.74.45
object network share
 host 192.168.0.22
object-group network internalnetwork
 network-object 192.168.0.0 255.255.255.0
object-group network uzzpro-1
 network-object object uzzpro
object-group service DM_INLINE_TCP_1 tcp
 port-object eq domain
 port-object eq ldap
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object ip
object-group protocol DM_INLINE_PROTOCOL_2
 protocol-object udp
 protocol-object tcp
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list outside_access_in extended permit ip host 10.13.74.35 any
access-list outside_access_in_1 extended permit object-group DM_INLINE_PROTOCOL_2 any object server
access-list outside_access_in_1 extended permit object-group DM_INLINE_PROTOCOL_1 any object server
access-list outside_access_in_1 extended permit tcp any object server object-group DM_INLINE_TCP_1
access-list outside_access_in_1 extended permit ip any object share
access-list outside_access_in_1 extended permit object ParagrafLex 10.15.100.0 255.255.255.0 object server
access-list outside_access_in_1 extended permit object ParagrafLex any object server
access-list inside_access_out extended permit ip any any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
!
object network obj_any
 nat (inside,outside) dynamic interface
object network server
 nat (inside,outside) static 10.13.74.34
object network share
 nat (any,any) static 10.13.74.39
access-group inside_access_out out interface inside
access-group outside_access_in in interface outside control-plane
access-group outside_access_in_1 in interface outside
route outside 0.0.0.0 0.0.0.0 10.13.74.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:7fad0f3fa79403a75cadcf93cdedf4da
: end
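Whether the outside ACL is what stops the domain logon can be checked against the posted lines directly. As an added example (not part of the original post), this Python snippet parses the posted outside_access_in_1 entries and evaluates them with the ASA's first-match, implicit-deny semantics (on ASA 8.3 and later, access-list entries reference the real, pre-NAT addresses, so `object server` is 192.168.0.20); the client address 10.15.100.50 and the list of domain-logon ports are assumptions.

```python
import ipaddress

OBJECTS = {"server": "192.168.0.20/32", "share": "192.168.0.22/32"}  # copied from the posted config
PROTO_GROUPS = {"DM_INLINE_PROTOCOL_1": {"ip"}, "DM_INLINE_PROTOCOL_2": {"udp", "tcp"}}
PORT_GROUPS = {"DM_INLINE_TCP_1": {53, 389}}  # port-object eq domain, eq ldap
SERVICE_OBJECTS = {"ParagrafLex": ({"tcp"}, {6190})}  # (protocols, destination ports); source port ignored

# The outside_access_in_1 lines exactly as posted, in order.
ACL = [
    "access-list outside_access_in_1 extended permit object-group DM_INLINE_PROTOCOL_2 any object server",
    "access-list outside_access_in_1 extended permit object-group DM_INLINE_PROTOCOL_1 any object server",
    "access-list outside_access_in_1 extended permit tcp any object server object-group DM_INLINE_TCP_1",
    "access-list outside_access_in_1 extended permit ip any object share",
    "access-list outside_access_in_1 extended permit object ParagrafLex 10.15.100.0 255.255.255.0 object server",
    "access-list outside_access_in_1 extended permit object ParagrafLex any object server",
]

def parse_addr(tok, i):
    """One ASA address spec at tok[i] (any | host A | object NAME | A MASK) -> (network, next index)."""
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok[i] in ("host", "object"):
        return ipaddress.ip_network(tok[i + 1] if tok[i] == "host" else OBJECTS[tok[i + 1]]), i + 2
    return ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}"), i + 2

def parse_rule(line):
    tok, ports, i = line.split(), None, 4            # tok[3] is the action (permit/deny)
    if tok[i] == "object-group":                     # protocol group
        protos, i = PROTO_GROUPS[tok[i + 1]], i + 2
    elif tok[i] == "object":                         # service object carries its own ports
        (protos, ports), i = SERVICE_OBJECTS[tok[i + 1]], i + 2
    else:                                            # bare protocol keyword
        protos, i = {tok[i]}, i + 1
    src, i = parse_addr(tok, i)
    dst, i = parse_addr(tok, i)
    if i < len(tok) and tok[i] == "object-group":    # trailing destination port group
        ports = PORT_GROUPS[tok[i + 1]]
    return tok[3], protos, src, dst, ports           # ports None = any destination port

def evaluate(rules, proto, src_ip, dst_ip, dport):
    """First matching rule wins; no match falls through to the ASA's implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, protos, src, dst, ports in rules:
        if ("ip" in protos or proto in protos) and s in src and d in dst and (ports is None or dport in ports):
            return action
    return "deny"

RULES = [parse_rule(line) for line in ACL]

# Constructed check: ports a domain logon uses, from an assumed client 10.15.100.50 to the DC at 192.168.0.20.
def ad_logon_verdicts(client="10.15.100.50", dc="192.168.0.20"):
    flows = [("udp", 53), ("tcp", 88), ("tcp", 135), ("tcp", 389), ("tcp", 445), ("tcp", 464)]
    return {f"{proto}/{port}": evaluate(RULES, proto, client, dc, port) for proto, port in flows}
```

On the posted entries every listed flow matches the second rule, which permits any IP protocol to the server, so the ACL itself is not what restricts these flows; re-run the check after any edit, because first-match order decides the verdict.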
