Manuals / Casio / Computer Equipment / Network Router

Casio ISA550WBUN3K9 manual Using Ldap for User Authentication

Models: ISA550WBUN3K9

1 479

Download 479 pages 49.64 Kb

Page 398

User Management	9
User Management
Configuring User Authentication Settings

Using LDAP for User Authentication

The security appliance can use the LDAP directory for user authentication, with support of three schemes including Microsoft Active Directory, RFC2798 InterOrgPerson, and RFC2307 Network Information Service.

STEP 1 Click Users > User Authentication.

STEP 2 Choose LDAP as the authentication method.

STEP 3 Click Configure to configure the LDAP settings.

STEP 4 In the Settings tab, enter the following information:

•IP Address: Enter the IP address of the LDAP server.

•Port Number: Enter the listening IP port number used on the LDAP server. Typically, non-secure connections use 389 and secure connections use 636. The default is 389.

•Server Timeout: Enter the amount of time in seconds that the security appliance will wait for a response from the LDAP server before timing out. The default value is 5 seconds.

The security appliance will retry to log in to the LDAP server if there is no response from the LDAP server after the timeout. For example, if the server timeout is set as 5 seconds and there is no response from the LDAP server after 5 seconds, the security appliance will then retry to log in to the LDAP server 5 seconds later.

•Login Method: Choose one of the following login methods:

-Anonymous Login: Choose this option if the LDAP server allows for the user tree to be accessed anonymously.

-Give Login Name or Location in Tree: Choose this option if the distinguished name that is used to bind to the LDAP server is built from the Primary Domain and User Tree for Login to Server fields in the Directory tab.

-Give Bind Distinguished Name: Choose this option if the destination name is known. You must provide the destination name explicitly to be used to bind to the LDAP server.

•Login User Name: If you choose Give Login Name or Location in Tree or Give Bind Distinguished Name as the login method, enter the user distinguished name of the account that can log into the LDAP server.

Cisco ISA500 Series Integrated Security Appliances Administration Guide

398

Image 398

Casio ISA550WBUN3K9 manual Using Ldap for User Authentication

Contents

Administration Guide Cisco Systems, Inc. All rights reserved 78-20776-03 Important Note FCC Radiation Exposure Statement For ISA550W and ISA570WDéclaration dexposition aux radiations Industry Canada statementCanada Radiation Exposure Statement For ISA550W and ISA570W UL/CB Configuration Wizards Getting StartedUsing Remote Access VPN Wizard for SSL Remote Access Status Networking 115 Understanding Dscp Values 171 Wireless for ISA550W and ISA570W only 206 Vlan Setup 180 Wireless Setup 181 User AuthenticationVlan Setup 222 Wireless Setup 223 User Authentication Firewall 251Security Services 291 General Application Control Settings 314 VPN 333Client Mode 366 Network Extension Mode 367 User Management 388 Device Management 403Contents Appendix a Troubleshooting 453 Appendix D Where to Go From Here 479Getting Started Getting Started Model Description ConfigurationIntroduction ISA550WFront Panel, Back Panel, Product OverviewFront Panel VPN POWER/SYSLight Description USBLINK/ACT Back PanelSpeed ISA550 and ISA550W Back PanelFeature Description ANT01/ANT02Power Switch Getting Started with the Configuration UtilityReset Button PowerLogging in to the Configuration Utility Navigating Through the Configuration Utility Number Component DescriptionIcon Description Action Using the Help SystemConfiguration Utility Icons Getting Started Factory Default Settings Default Settings of Key FeaturesRestoring the Factory Default Settings Parameter Default Value Performing Basic Configuration TasksChanging the Default Administrator Password Upgrading your Firmware After your First Login Click ContinueBacking Up Your Configuration Configuration Wizards Using the Setup Wizard for the Initial Configuration Configuration WizardsStarting the Setup Wizard Enabling Firmware Upgrade Validating Security License Enabling Bonjour and CDP Discovery ProtocolsConfiguring Remote Administration Configuring Physical Ports Configuring WAN Redundancy Configuring the Primary WANConfiguring the Secondary WAN Configuring Default LAN Settings Configuring DMZ Configuring DMZ Services Configuration Wizards WAN IP Configuring Wireless Radio SettingsWAN Configuring Intranet Wlan Access Configure Security Services Security ServicesViewing Configuration Summary Starting the Dual WAN Wizard Configuring a Configurable Port as a Secondary WAN PortClick Configuration Wizards Dual WAN Wizard Configuring the Primary WAN Configuring Network Failure Detection Using the Remote Access VPN Wizard Using the Remote Access VPN Wizard for IPsec RemoteClick Configuration Wizards Remote Access VPN Wizard Starting the Remote Access VPN WizardConfiguring IPsec Remote Access Group Policy Configuring WAN Settings Configuring Operation ModeConfiguring Access Control Settings Configuring DNS and Wins SettingsViewing Group Policy Summary Configuring Backup ServersConfiguring Split Tunneling Configuring IPsec Remote Access User Groups Viewing IPsec Remote Access SummaryUsing Remote Access VPN Wizard for SSL Remote Access Configuring SSL VPN GatewayClient Netmask Client Address Pool Configuring SSL VPN Group Policy Configuration Wizards Configuration Wizards Configuring SSL VPN User Groups Using the Site-to-Site VPN Wizard to Configure Site-to-Site Viewing SSL VPN SummaryStarting the Site-to-Site VPN Wizard Configuring VPN Peer SettingsClick Configuration Wizards Site-to-Site VPN Wizard Configuring IKE Policies Configuring Transform Policies Configuring Local and Remote Networks Click Configuration Wizards DMZ Wizard Using the DMZ Wizard to Configure DMZ SettingsConfiguring Ddns Profiles Starting the DMZ WizardConfiguring DMZ Network Configuration Wizards Configuring DMZ Services WAN Click Configuration Wizards Wireless Wizard Using the Wireless Wizard for ISA550W and ISA570W onlyStarting the Wireless Wizard Configuring Wireless Connectivity Types Specify Wireless Connectivity Settings for All Enabled SSIDs Configuring the Ssid for Intranet Wlan AccessConfiguring Wireless Security, Configuring the Ssid for Guest Wlan Access Configuration Wizards Configuration Wizards Configuration Wizards Field Description Device Status DashboardStatus Dashboard System InformationLicenses StatusResource Utilization Syslog SummarySite-to-Site VPN Remote Access VPNRouting Mode Physical PortsField Status Summary Network StatusStatus Summary EthernetVlan Pvid Vlan DMZTraffic Statistics Traffic StatisticsUsage Reports Status WAN Bandwidth Reports ARP Table ARP TableDhcp Bindings Dhcp BindingsInterface Status Table STP StatusSTP Status Global Status Status CDP Neighbor Wireless Status, Client Status, Wireless Status for ISA550W and ISA570W onlyWireless Status NAT Status NAT StatusClient Status IPsec VPN Status, SSL VPN Status, VPN StatusIPsec VPN Status VPN Status IPsec VPN StatusStatistics VPN Status SSL VPN Status SSL VPN StatusTeleworker VPN Client SSL VPN Statistics Active User Sessions Active User SessionsSecurity Services Reports Web Security ReportAnti-Virus Report Email Security Report Network Reputation Report IPS Report Application Control Report Processes, Resource Utilization, System StatusProcesses System Status ProcessesCPU Utilization Resource UtilizationSystem Status Resource Utilization Memory UtilizationStatus Networking Managing Ports Configuring IPv4 or IPv6 RoutingViewing Network Status NetworkingViewing Status of Physical Interfaces Configuring Physical Ports Configuring Port Mirroring Configuring Port-Based 802.1x Access Control Networking Release or renew a Dhcp WAN connection, Configuring the WANConfiguring WAN Settings for Your Internet Connection Configure the primary WAN Networking Network Addressing Configuration Mode Configure a secondary WANNetwork Addressing Mode Dhcp ClientStatic IP PPPoE ISPPptp L2TP Dual WAN Settings Networking Configuring Link Failover Detection Networking Adding or modifying a Ddns service Configuring Dynamic DNSDdns Services Table Measuring and Limiting Traffic with the Traffic Meter Networking Configuring a Vlan Networking Networking Networking Configuring DMZ About DMZ networksExample DMZ with One Public IP Address for WAN and DMZ Configuring a DMZ Example DMZ with Two Public IP AddressesNetworking Networking Configuring Zones Security Levels for ZonesConfiguring Zones Predefined ZonesServices Configuring Dhcp Reserved IPs Configuring RoutingConfiguring Routing Mode Viewing the Routing TableConfiguring Static Routing Configuring Dynamic Routing RIP Configuring Policy-Based Routing Networking Click Networking QoS General Settings Configuring Quality of ServiceGeneral QoS Settings Click Networking QoS WAN QoS Bandwidth Configuring WAN QoSManaging WAN Bandwidth for Upstream Traffic Configuring WAN Queue Settings Configuring Traffic Selectors Click Networking QoS WAN QoS Queue SettingsNetworking Click Networking QoS WAN QoS QoS Policy Profile Configuring WAN QoS Policy ProfilesConfiguring WAN QoS Class Rules Mapping WAN QoS Policy Profiles to WAN Interfaces WAN QoS Configuration Example WAN1 WAN1IPSource Address Configure WAN QoS for Voice Traffic from LAN to WANClass Name Policy NameQoS Class Rules Configuring WAN QoS for Voice Traffic from WAN to LANQoS Class Rule Configuring LAN QoS Click Networking QoS LAN QoS Queue Settings Configuring LAN Queue SettingsConfiguring LAN QoS Classification Methods Click Networking QoS LAN QoS Classification MethodsLAN Queue CoS Value Mapping CoS to LAN QueueMapping Dscp to LAN Queue Click Networking QoS LAN QoS Mapping CoS to QueueDefault Wireless QoS Settings Configuring Wireless QoSConfiguring Default CoS 802.1p Priority 802.11e PriorityIeee 802.11e to 802.1p Mapping Configuring Wireless QoS Classification MethodsClick Networking QoS Wireless QoS Classification Methods 802.11e Priority 802.1p PriorityUnderstanding Dscp Values Mapping CoS to Wireless QueueMapping Dscp to Wireless Queue Dscp Value Decimal Value Meaning100 Configuring Igmp011 Click Networking IgmpConfiguring Vrrp Click Networking VrrpNetworking Address Management Configuring AddressesConfiguring Addresses, Configuring Address Groups, Click Networking Address ManagementConfiguring Address Groups Configuring Services, Configuring Service Groups, Service ManagementConfiguring Services Click Networking Service ManagementConfiguring Service Groups Configuring Captive Portal RequirementsVlan Setup Before You BeginUser Authentication Configuring a Captive PortalWireless Setup Networking Networking Networking Troubleshooting Using External Web-Hosted CGI Scripts Networking Networking Networking Networking Networking Networking Networking Networking CGI Source Code Example No Authentication and Accept Button Networking Networking Networking Networking Networking If result == 2 result == 5 //document.form1.UserName.focus Networking Networking Documentation Related InformationSupport Cisco Small BusinessCisco Small Business Home Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Viewing Wireless StatusViewing Wireless Statistics Wireless Wireless Status Wireless StatusClick Wireless Basic Settings Configuring the Basic SettingsViewing Wireless Client Status Wireless for ISA550W and ISA570W only Configuring Ssid Profiles Open Configuring Wireless SecuritySecurity Mode Description WEP WPAWPA/WPA2-Personal mixed Supports WPA2WPA + WPA2 WPA/WPA2-Enterprise mixed SupportsWireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Controlling Wireless Access Based on MAC Addresses Configuring Ssid Schedule Mapping the Ssid to VlanConfiguring Wi-Fi Protected Setup Click Wireless Wi-Fi Protected SetupWireless for ISA550W and ISA570W only Configuring Captive Portal Requirements Configuring a Captive Portal Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Troubleshooting Using External Web-Hosted CGI Scripts Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only CGI Source Code Example No Authentication and Accept Button Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only If result == 2 result == 5 //document.form1.UserName.focus Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Related Information Configuring Wireless Rogue AP Detection Click Wireless Rogue AP DetectionAdvanced Radio Settings Click Wireless Advanced SettingsWireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Firewall About Security Zones FirewallSecurity Levels and Predefined Zones Description Default Firewall Settings Click Firewall Access Control Default PoliciesPreliminary Tasks for Configuring Firewall Rules Priorities of Firewall RulesGeneral Firewall Settings Click Firewall Access Control ACL RulesConfiguring a Firewall Rule Configuration Examples,Firewall Configuring a Firewall Rule to Allow Multicast Traffic MAC Address Filtering to Permit or Block Traffic,Configuring Firewall Logging Settings Configuring NAT Rules to Securely Access a Remote Network Viewing NAT Translation Status Firewall NAT NAT StatusOutbound Traffic Priorities of NAT RulesInbound Traffic Configuring Dynamic PAT Rules Click Firewall NAT Dynamic PATConfiguring Static NAT Rules Click Firewall NAT Static NATConfiguring Port Forwarding Rules Click Firewall NAT Port ForwardingFirewall Configuring Port Triggering Rules Click Firewall NAT Port TriggeringConfiguring Advanced NAT Rules Click Firewall NAT Advanced NATConfiguring IP Alias for Advanced NAT rules As Any HttpConfiguring an Advanced NAT Rule to Support NAT Hairpinning From AnyFTP-CONTROL DefaultDefaultnetwork WAN WAN1 WAN IP WAN1IPFirewall and NAT Rule Configuration Examples Allowing Inbound Traffic Using the WAN IP AddressANY Enable Port ForwardingTranslated IP InternalFTP Translated IP RDPServer Allowing Inbound Traffic Using a Public IP AddressRDP WAN WAN1 WAN IPAddress Original Destination PublicIP Original Services Port NameNetmask ZoneTranslated IP InternalIP Enable Port Forwarding Create Firewall Rule OffCU-SEEME Schedule Blocking Outbound Traffic by Schedule and IP Address RangeBlocking Outbound Traffic to an Offsite Mail Server Click Firewall Content Filtering Content Filtering Policies Configuring Content Filtering to Control Internet AccessConfiguring Content Filtering Policy Profiles Configuring Website Access Control List Mapping Content Filtering Policy Profiles to Zones Click Firewall Content Filtering Policy to Zone MappingConfiguring Advanced Content Filtering Settings Click Firewall Content Filtering Advanced SettingsConfiguring MAC Address Filtering to Permit or Block Traffic Click Firewall MAC Filtering MAC Address FilteringConfiguring IP-MAC Binding to Prevent Spoofing Click Firewall MAC Filtering IP MAC Binding RulesConfiguring Attack Protection Click Firewall Attack ProtectionConfiguring Session Limits Click Firewall Session LimitsConfiguring Application Level Gateway Click Firewall Application Level GatewayFirewall Security Services About Security Services IPSActivating Security Services Priority of Security ServicesSecurity Services Dashboard Click Security Services DashboardViewing Security Services Reports Viewing Web Security Report Viewing IPS Report, Viewing Application Control Report,Viewing Anti-Virus Report Viewing Email Security Report Total Since Activated Viewing Network Reputation ReportSystem Date Total Last 7 DaysGraph Viewing IPS ReportTotal Today Viewing Application Control Report Configuring Anti-Virus General Anti-Virus Settings Click Security Services Anti-Virus General SettingsHttp Notification, Protocol ActionNotify + Drop Connection Drop the connection FTPCifs NetbiosNotification, Configuring Advanced Anti-Virus Settings Click Security Services Anti-Virus Advanced SettingsClick Security Services Anti-Virus Http Notification Configuring Http NotificationConfiguring Email Notification Click Security Services Anti-Virus Email NotificationUpdating Anti-Virus Signatures Configuring Application Control Updating Application Signature Database,Important Tips Configuring Application Control PoliciesGeneral Application Control Policy Settings Adding an Application Control Policy Security Services Permitting or Blocking Traffic for an Application General Application Control Settings Enabling Application Control Service Mapping Application Control Policies to ZonesConfiguring Application Control Policy Mapping Rules Updating Application Signature Database Advanced Application Control Settings Click Update DatabaseConfiguring Spam Filter Click Security Services Spam FilterSecurity Services Configuring Intrusion Prevention Security Services Configuring Signature Actions Updating IPS Signature Database Configuring Web Reputation Filtering Click Security Services Web Reputation Filtering Configuring Web URL Filtering Configuring Web URL Filtering Policy Profiles Click Security Services Web URL Filtering Policy ProfileConfiguring Website Access Control List Mapping Web URL Filtering Policy Profiles to Zones Configuring Advanced Web URL Filtering SettingsClick Security Services Web URL Filtering Advanced Settings Security Services Network Reputation VPN About VPNs Viewing IPsec VPN Status, Viewing SSL VPN Status, Viewing VPN StatusViewing IPsec VPN Status VPN VPN Status IPsec VPN StatusField Description Viewing SSL VPN Status VPN VPN Status SSL VPN StatusSSL VPN Statistics VPN Configuring a Site-to-Site VPN Site-to-Site VPNClick VPN Site-to-Site IPsec Policies Configuration Tasks to Establish a Site-to-Site VPN TunnelGeneral Site-to-Site VPN Settings VPN Configuring IPsec VPN Policies VPN VPN VPN 283058 VPN Click VPN Site-to-Site IKE Policies VPN Configuring Transform Sets Click VPN Site-to-Site Transform PoliciesRemote Network Remote Teleworker Configuration ExamplesField Setting IKE PolicyName Enable From TransformDestination Address Translated Services Address TranslatedConfiguring IPsec Remote Access Cisco VPN Client Compatibility Then choose Cisco VPN ClientClick VPN IPsec Remote Access Enabling IPsec Remote AccessConfiguring IPsec Remote Access Group Policies VPN VPN Group Name Allowing IPsec Remote VPN Clients to Access the InternetIKE Authentication WAN InterfaceName VPNClienttoWAN1 Enable From Any Mode Client Pool Range for Client Start IPClient Internet Disable Access WAN Failover LANWAN2IP Name VPNClienttoWAN2 Enable From AnyWAN2 Configuring Teleworker VPN Client Translated Any Destination Address Translated ServicesRequired IPsec VPN Servers Transform SetClient Mode, Benefits of the Teleworker VPN Client FeatureModes of Operation Client Mode Network Extension Mode,Network Extension Mode IPsec VPN Network Extension ConnectionGeneral Teleworker VPN Client Settings Click VPN Teleworker VPN ClientConfiguring Teleworker VPN Client Group Policies VPN VPN Configuring SSL VPN SSL Remote User Access Elements of the SSL VPNConfiguration Tasks to Establish a SSL VPN Tunnel Installing Cisco AnyConnect Secure Mobility Client Configuring SSL VPN Gateway Importing Certificates for User AuthenticationConfiguring SSL VPN Users Click VPN SSL Remote User Access SSL VPN ConfigurationClient Netmask Client Address Pool VPN Configuring SSL VPN Group Policies Click VPN SSL Remote User Access SSL VPN Group PoliciesVPN VPN Accessing SSL VPN Portal Allowing SSL VPN Clients to Access the InternetAddress Original Destination Any Original Services Enable From AnyName SSLVPNtoWAN1 Enable From Any SslvpnaddresspoolName SSLVPNtoWAN2 Enable From Any Configuring L2TP Server Click VPN L2TP ServerService Configuring VPN Passthrough Click VPN VPN PassthroughViewing Active User Sessions Users Active User SessionsAvailable Services for User Groups Configuring Users and User GroupsDefault User and User Group User ManagementClick Users Users and Groups Preempt AdministratorsConfiguring Local Users Configuring Local User Groups User Management Configuring User Authentication Settings Click Users User Authentication Using Local Database for User AuthenticationUsing Radius Server for User Authentication Local Database Settings Radius Server Settings Local Radius Server Settings Database Click Users User Authentication Using Ldap for User Authentication User Management Using Local Database and Ldap for Authentication Configuring Radius Servers Click Users Radius ServersUser Management Device Management Viewing Resource Utilization Viewing System StatusViewing Process Status Administration Configuring Administrator Settings Example https//209.165.201.18080 Configuring Email Alert Settings Click Device Management Administration Email Alert New Firmware Alert Event DescriptionCPU Overload Alert Your Firmware from Cisco.com,Log Facilities, Settings page. See Configuring Log Settings,Security License, WAN Up/Down Alert Check Site-to-Site VPN Up/Down Alert in the Enable columnUp/Down Alert Traffic Meter Alert Anti-Virus AlertSettings. See Configuring Application Control, IPS AlertConfiguring Snmp Click Device Management Administration SnmpBacking Up and Restoring a Configuration Click Device Management Backup/RestoreDevice Management Managing Certificates for Authentication Viewing Certificate Status and Details Click Device Management Certificate ManagementExporting Certificates to Your Local PC Certificate Type DetailsExporting Certificates to a USB Device Importing Certificates from Your Local PCImporting Certificates from a USB Device Generating New Certificate Signing RequestsImporting Signed Certificate for CSR from Your Local PC Configuring Cisco Services and Support Settings Configuring Cisco OnPlus Configuring Remote Support Settings Sending Contents for System DiagnosisConfiguring System Time Click Device Management Date and TimeClick Device Management Device Properties Configuring Device PropertiesDiagnostic Utilities Ping, Traceroute, DNS Lookup, Packet Capture,Ping Click Device Management Diagnostic Utilities PingClick Device Management Diagnostic Utilities Traceroute TraceroutePacket Capture Device Discovery ProtocolsDNS Lookup UPnP Discovery, Bonjour Discovery, CDP Discovery,Click Device Management Discovery Protocols UPnP UPnP DiscoveryLldp Discovery, Click Device Management Discovery Protocols Bonjour Bonjour DiscoveryCDP Discovery Click Device Management Discovery Protocols CDPLldp Discovery Click Device Management Discovery Protocols LldpFirmware Management View the firmware status. See Viewing Firmware Information,Viewing Firmware Information Using the Secondary FirmwareFirmware Version area, click Switch Firmware Click Device Management FirmwareUpgrading your Firmware from Cisco.com Upgrading Firmware from a PC or a USB Device Using Rescue Mode to Recover the System Firmware Auto Fall Back MechanismManaging Security License Checking Security License Status Click Device Management License ManagementInstalling or Renewing Security License Click Device Management Logs View Logs Log ManagementViewing Logs Click Query Configuring Log Settings Click Device Management Logs Log SettingsCritical level Severity Level DescriptionEmergency level Notification levelDevice Management Configuring Log Facilities Click Device Management Logs Logs FacilitiesReset Device area, click Reset to Factory Defaults Rebooting and Resetting the DeviceClick Device Management Reboot/Reset Click Device Management Schedules Configuring SchedulesRebooting the Security Appliance Device Management Device Management Device Management Internet Connection Recommended ActionsTroubleshooting Click Status DashboardRecommended Actions Click Networking WAN WAN Settings Date and Time Enable the Daylight Saving Time Adjustment featureDate and Time Testing the LAN Path from Your PC to Your Security Appliance Pinging to Test LAN ConnectivityTesting the LAN Path from Your PC to a Remote Device Feature ISA550 ISA570Internal Power Supply Physical SpecificationsDevice Management Feature SettingRemote Administration CDP Factory Default SettingsSnmp LldpLocal Users User ManagementUser Groups IPv4 or IPv6 Routing User Authentication MethodsNetworking Network Addressing ModesVLANs Port-based Access ControlWAN Redundancy Operation Modes Zones RoutingLAN QOS VrrpWireless Captive Portal Wi-Fi Protected Setup WPSRogue AP Detection IKE PoliciesIPsec Remote Access SSL VPNFirewall Security ServicesFeatures Setting MAC Address Filtering Content FilteringNAT IP MAC BindingReports Default Service Objects Service Name Protocol Port Description Start EndFTP-DATA TCP IKE UDP Rtelnet TCP Default Address Objects Address Name Type IP, IP/Netmask, or IP RangeProduct Documentation Product ResourcesSupport Cisco Small Business