Filter
Top Products
13-14
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 13 Managing Identity-Aware Firewall Policies
Configuring Identity-Aware Firewall Policies
Field Reference
Table 13-4 Identity Configuration Wizard Active Directory Agent Settings
Element Description
Select Existing AD Agent
Group
Select this option if the AAA server group policy object that identifies
the required AD agents already exists. The object must use the
RADIUS protocol, and should have the option AD Agent Mode
selected.
Click Select next to the Group Name field to select the object.
Create New AD Agent Group Select this option if the AAA server group policy object does not
already exist, or you want the wizard to create a new object.
Configure the remaining options to identify the group and the servers
that it contains.
Create AD Agent Group Properties
Group Name
(When creating the group in
the wizard.)
The name of the AAA server group object that you want to create. The
name can be up to 16 characters.
AD Agent Name/IP One of the following:
• The name of an existing AAA server object that defines the AD
agent. Click Select to select the object from a list.
If you select an object, you cannot configure the remaining
properties.
• The IP address of the AD agent.
Secret Key
Confirm
The shared secret that is used to encrypt data between the network
device (client) and AAA server. The key is a case-sensitive,
alphanumeric string of up to 127 characters. Special characters are
permitted.
The key you define in this field must match the key on the RADIUS
server. Enter the key again in the Confirm field.
If you do not define a key, all traffic between the AAA server and its
AAA clients is sent unencrypted.
Interface The interface whose IP address should be used for all outgoing packets
(known as the source interface). Enter the name of an interface or
interface role, or click Select to select it from a list or to create a new
interface role.
Tips
• If you enter the name of an interface, make sure the policy that uses
this AAA object is assigned to a device containing an interface
with this name.
• If you enter the name of an interface role, make sure the role
represents a single interface, not multiple interfaces.
• Only one source interface can be defined for the AAA servers in a
AAA server group, so if you specify more than one server, ensure
that they all use the same interface.