Firstly you need to create a ‘service account’ in Active Directory that the ASA will use; it only needs to be able to browse the AD, so a simple Domain User is fine. Then create a user group that you want to grant AnyConnect access to, then create a test user and put that user in your domain group. Configure the ASA. The purpose of my question is to receive expert opinion on which of two approaches is superior for configuring authentication against Windows Active Directory through a Cisco ASA5510. We'd like to authenticate remote VPN users against AD, and it appears that there are two ways of doing it: 1.
Asa Firepower Active Directory Integration
- ASA user authentication with Active Directory. Posted on August 25, 2010 by jimmy. Most often we Cisco guys use RADIUS or TACACS when we are about to do authentication of users. But did you know that doing authentication from VPN to a user database in an Active Directory doesn't require IAS, ACS or any third-party software at all?
- The ASA is configured to authenticate that user with the Microsoft Active Directory (AD)/LDAP server. The ASA connects to the LDAP server with the credentials configured on the ASA (ASAusername in this case) and looks up the username provided by the user.
- Responsible for day-to-day administration duties including Windows Active Directory object maintenance; conducts complex troubleshooting and repair tasks on Active Directory, Windows Server 2008-2019, Domain Controllers, DNS, user authentication and other operational systems as needed.
- Writes scripts utilizing Directory Services to provide Identity Management and User/Group management tools utilizing Active Directory as the backbone for the Identity Access Management implementation.
- Provides technical review of existing implementations and administrative practices (account and network administration, GPOs, OUs, DNS, etc.)
- Administers User, Group and Computer objects and creates Group Policy using the Group Policy Management Console.
- Participates in data cleansing efforts including remediation of duplicate user IDs, Directory Information Tree (DIT) redesign and modification recommendations, consolidation of Group Policy Objects, and implementation of access restrictions and auditing.
- Provides basic training and support for design and administrative team members.
- Experience in Windows deployment solutions (SCCM, Ghost, etc.).
- Serves as in-house expert on best practices and efficient solutions supporting the Identity and Access Management (IAM) strategy to ensure proper implementation and leveraging of the Identity Management solutions.
- Establishes service specifications to other systems including permissions modification, deletion, role definitions, reclassification and other similar access management related functions.
- Maintains the enterprise identity management infrastructure and performs considerable work in the development and implementation of workflows and data integration/transformations in an identity management system.
- Microsoft Certified Solutions Associate (MCSA)
- Microsoft Certified Solutions Expert (MCSE)
Asa Active Directory Integration
- Ability to install, configure and troubleshoot Active Directory and DNS for Active Directory, as well as skills necessary for Group Policy and Active Directory Security solutions.
- Heavy Active Directory and Directory Services knowledge necessary.
- Hands-on project experience designing and implementing custom identity workflows, resource provisioning and role based access controls.
- Working experience with the Lightweight Directory Access Protocol (LDAP).
- Working experience with operating-system administration of Windows Server 2008-2019.
- Specific training and certifications are a plus.
- PowerShell, VBScript and JavaScript scripting are a plus.