36-6
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter36 Configuring the Identity Firewall
Information About the Identity Firewall
Figure 36-5 shows a WAN-based deployment to support a remote site. The Active Directory server and
the AD Agent are installed on the main site LAN. The clients are located at a remote site and connect to
the Identity Firewall components over a WAN.
Figure36-5 WAN-based Deployment
Figure 36-6 also shows a WAN-based deployment to support a remote site. The Active Directory server
is installed on the main site LAN. However, the AD Agent is installed and access by the clients at the
remote site. The remote clients connect to the Active Directory servers at the main site over a WAN.
Figure36-6 WAN-based Deployment with Remote AD Agent
Figure 36-7 shows an expanded remote site installation. An AD Agent and Active Directory servers are
installed at the remote site. The clients access these components locally when logging into network
resources located at the main site. The remote Active Directory server must synchronize its data with the
central Active Directory servers located at the main site.
Enterprise Main Site
xxxxxx
ASA
AD Servers
AD Agent
mktg.sample.com
10.1.1.2
WMI
LDAP
RADIUS
NetBIOS Probe
Client
Remote Site
WAN
AD
Agent
Login/Authentication
Enterprise Main Site
xxxxxx
ASA
AD Servers
mktg.sample.com
10.1.1.2
RADIUS
Client
Remote Site
Login/Authentication
AD
Agent
AD Agent
LDAP
WMI
WAN