
New Member

Does the ASA 7.1(2) support AD-LDAP authentication?

Following the ASA 7.1(2) configuration guide: is the ASA device part of the security appliance and able to support AD-LDAP authentication? If yes, can I have a configuration example?

===

LDAP Authentication

Supported on PIX 7.1.x and the security appliance only. VPN 3000 does not support native LDAP authentication. The LDAP server retrieves and searches for the username and enforces any defined attributes as part of the authorization function.

===

Thanks in advance,

1 REPLY
Silver

Re: Does the ASA 7.1(2) support AD-LDAP authentication?

Yes, it is supported. The following configuration section gives you an idea about configuring the authentication.

Create an aaa-server entry for the LDAP server:

aaa-server LDAP_Author protocol ldap
aaa-server LDAP_Author (private) host 10.86.195.23
 ldap-base-dn ou=people,dc=CorporationXYZ,dc=com
 ldap-scope subtree
 ldap-naming-attribute c
 ldap-login-password mysecret
 ldap-login-dn cn=Administrator,cn=Users,dc=frdevtestad,dc=local

Configure the tunnel-group to use authorization-server-group LDAP and enable authorization required (meaning successful authorization is needed; the user must exist in the LDAP database):

f1-5# show runn tunnel-group Client
tunnel-group Client type ipsec-ra
tunnel-group Client general-attributes
 address-pool mypool
 authentication-server-group Kerberos
 authorization-server-group LDAP_Author
 authorization-required
tunnel-group Client ipsec-attributes
 pre-shared-key *
f1-5#

Before VPN tunnel establishment, verify that the user is properly configured in the LDAP database. Use the following command to verify:

# test aaa-server authorization LDAP_Author host 10.86.195.23 user
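A small offline consistency check for the configuration in the reply above, as an added example that is not part of the original post or any Cisco tooling. It confirms that every server group a tunnel-group references is defined, that `authorization-required` accompanies an `authorization-server-group`, and that LDAP hosts set `ldap-over-ssl enable` (an ASA command not shown in the thread; without it a simple bind carries the `ldap-login-password` unencrypted). The function names and the abridged sample are constructed for illustration.

```python
import re
# Constructed sample: the reply's configuration, abridged, indented as "show run" prints it.
SAMPLE = """\
aaa-server LDAP_Author protocol ldap
aaa-server LDAP_Author (private) host 10.86.195.23
 ldap-login-password mysecret
 ldap-login-dn cn=Administrator,cn=Users,dc=frdevtestad,dc=local
tunnel-group Client general-attributes
 authentication-server-group Kerberos
 authorization-server-group LDAP_Author
 authorization-required
"""

def parse(config):
    """Return (groups, hosts, tunnels) parsed from ASA-style config text."""
    groups, hosts, tunnels, current = {"LOCAL": "local"}, {}, {}, None
    for raw in config.splitlines():
        if not (line := raw.strip()):
            continue
        if raw[0] != " ":                      # top-level command resets context
            current = None
            if m := re.match(r"aaa-server (\S+) protocol (\S+)", line):
                groups[m[1]] = m[2]            # group name -> protocol
            elif m := re.match(r"aaa-server (\S+) \(\S+\) host (\S+)", line):
                current = hosts.setdefault((m[1], m[2]), {})
            elif m := re.match(r"tunnel-group (\S+) general-attributes", line):
                current = tunnels.setdefault(m[1], {})
        elif current is not None:              # sub-command of the open block
            key, _, value = line.partition(" ")
            current[key] = value
    return groups, hosts, tunnels

def audit(config):
    """List findings: cleartext LDAP, undefined server groups, optional authorization."""
    (groups, hosts, tunnels), findings = parse(config), []
    for (group, host), cmds in hosts.items():
        if groups.get(group) == "ldap" and cmds.get("ldap-over-ssl") != "enable":
            findings.append(f"{group}/{host}: ldap-over-ssl not enabled")
    for name, attrs in tunnels.items():
        for key in ("authentication-server-group", "authorization-server-group"):
            ref = attrs.get(key, "").split()   # value may carry a trailing LOCAL fallback
            if ref and ref[0] not in groups:
                findings.append(f"tunnel-group {name}: {key} {ref[0]} is not defined")
        if "authorization-server-group" in attrs and "authorization-required" not in attrs:
            findings.append(f"tunnel-group {name}: authorization-required is not set")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the sample it reports the missing `ldap-over-ssl` and the Kerberos group, whose definition the reply's excerpt does not include.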
