I am trying to configure the AD lookup agent onto my firewall estate (too many users insist on moving who have firewall rules set by IP address).
On a test firewall I have the agent working perfectly doing the lookups on the AD domain for the usernames and then using the agent to match IP addresses and usernames together.
So the firewall is working as expected.
However the Cisco Security Manager (v4.5) side is another matter...
The firewall has been imported in and the AD-Server-group and AAA-Server records have imported correctly.
However when I go to configure CSM to use the options we have a problem.
I have gone into Cisco Security Manager - Administration
Then down to identity settings.
I have added an AD server group using the domain INSURANCE (same as the agent is configured on the firewall) and using the same object as the firewall.
The default domain has been set as INSURANCE.
Route query is via CSM Client (however, changing this to server doesn't make any difference).
All looks fine here, however selecting the entry in the table and clicking test brings the following error message up.
I have run Wireshark on my machine and I can see an LDAP request going via my machine, however this contains the AD login and, bizarrely, the login password (even though it is an SSL connection), but no more data.
We didn't change any settings on the domain controller, and the same account works on the firewall.