13-15
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 13 Managing Identity-Aware Firewall Policies
Configuring Identity-Aware Firewall Policies

Identity Configuration Wizard Preview

Use the Preview page of the Identity Configuration wizard to verify the information you entered into the
wizard.

The preview summarizes the objects that will be created or used for the Active Directory configuration
for the NetBIOS domain.

• AD server group shows the name of the AAA server group object for the AD servers used in the
  domain. The table shows the AAA server objects that define each of the AD servers.
• AD Agent shows the name of the AAA server group object for the AD agents. The primary and
  secondary agent fields show the AAA server object that defines each agent.

For objects that the wizard will create, names are automatically generated for the AAA server objects
by adding either ldap_ or radius_ as a prefix to the server IP address.

To make changes, click Back. Otherwise, click Finish to save the settings.

Tip: After you complete the wizard, you can edit the properties of the newly created objects to configure
settings that the wizard left at their default values.

Navigation Path

Do one of the following:

• From the AD Setup tab of the Identity Options page, click the Configure Identity button and
  proceed to this page. See Identifying Active Directory Servers and Agents, page 13-8.
• If the Identity Options policy is not already configured, you can start the wizard from the AAA
  Rules, Access Rules, or Inspection Rules policies by clicking the Select button for the User field and
  then clicking Yes when asked if you want to configure identity.

Configuring Identity Options

Use the Advanced tab of the Identity Options policy to enable or disable user identity services and
configure options for error handling, the NetBIOS logout probe, idle timeout, and AD agent
communication settings. The options on this tab have default values, so you need to change them only if
you want to fine-tune the settings for your network.

Navigation Path

• (Device view) Select an ASA device, then select Identity Options from the Policy selector. Select
  the Advanced tab.
• (Policy view) Select Identity Options (ASA) from the Policy selector. Select an existing policy or
  create a new one. Select the Advanced tab.

Table 13-4 Identity Configuration Wizard Active Directory Agent Settings (Continued)

Element: Add Secondary AD Agent
Description: Click this button only if you want to create an additional agent. The
agent is used in case the first agent becomes unavailable.
When you click the button, the information in the agent fields is saved
and added to the preview pane, and the fields are cleared so that you can
add information about the secondary agent.