LDAP Authentication for Cisco ASA

Create AAA Server Group

1. Launch the Cisco Adaptive Security Device Manager (ASDM), select Configuration in top toolbar, select Device Management.
2. In the control pannel, select Users/AAA and navigate to AAA Server Groups
3. Click "Add" button on the right
   1. Enter the name for AAA server group
   2. Select "LDAP" protocol
   3. Click "OK" when completed
      
      
      
      
      
      
4. Select the newly create AAA Server Group, e.g. LDAPBROKER
5. Click "Add" in the "Servers in the Selected Group"
   1. Select "inside" interface
   2. Enter the IP address of the DualShield Autentication Server
   3. Set the Server Port to 389
   4. Select the Server Type. e.g. Microsoft
   5. Enter Base DN as: dc=deepnetsecurity, dc=com
   6. Enter Login DN as: cn=dualshield, dc=deepnetsecurity, dc=com
   7. Enter Login Password: password
   8. Click "OK" when completed
      
      
      
      
6. Click "Apply" button to save settings

Configure Connection Profile

1. Select Remote Access in the accordion menu on the bottom 
2. Select Clientless SSL VPN Access, click Connection Profiles
3. In the Connection Profiles section, select your existing SSL VPN profile and click Edit, e.g. LDAPBROKER
   (Click "Add" if you do not yet have a SSL VPN profile)
   
   
   
   
4. Select newly created AAA Server Group, e.g. LDAPBROKER
   
   
   
   
5. Click "OK" and "Apply" to save the settings

Test Logon

Navigate to the Cisco ASA SSL VPN logon  page: