HELP FILE

Cisco ASA VPN configuration for the LastPass Universal Proxy LDAP protocol

    Before you begin:
    Set your local user profile to the proper privilege level for your Cisco ASA system:
    • In the Remote Access VPN > AAA/Local Users > Local Users menu, Privilege Level field, select 15.
      Note: You must set your privilege level to 15 to have unrestricted administrator access to your ASDM/CLI management surface.
    • Create an LDAP server group per AAA:
      1. Open the Cisco AnyConnect Configuration Wizard.
      2. In the left navigation, go to Remote Access VPN > AAA/Local Users > AAA Server Groups to add an AAA server group to your AnyConnect connection profile.
      3. Click Add in the AAA Server Groups area.

        Result: The Add AAA Server Group dialog box appears.

      4. In the AAA Server Group field, enter a name.
      5. In the Protocol field, select LDAP.
      6. Set the following parameters:

        Reactivation Mode: Depletion
        Dead Time: 10 minutes
        Max Failed Attempts: 1

      7. Click OK.

        Result: The Add AAA Server Group dialog box closes, and the new server group is added to the AAA Server Groups table.

      8. Click Apply.

        Add an LDAP server to a server group:

      9. In the AAA Server Groups area, click the server group to which you want to add a server.
      10. In the Servers in the Selected Group area, click Add.

        Result: The Add AAA Server dialog box appears for the server group.

      11. Set the following parameters:

        Interface Name: Choose the interface name on which the authentication server resides.
        Server Name or IP Address: Add the Universal Proxy's IP address.
        Timeout: 60
        Server Port: 389
        Server Type: Microsoft
        Base DN: Add the base DN in the following format: DC=example,DC=com.
          Important: This value must be the same as the Active Directory's base domain name.
        Scope: All levels beneath the Base DN.
        Naming Attribute: sAMAccountName
        Login DN: Add the login DN in the following format: CN=admin,CN=Users,DC=example,DC=com.
          Important: This value must be the same as the distinguishedName field value in the Active Directory.
        Login Password: Enter the login password, which is the password for the Login DN user account.

      12. Click OK.

        Result: The Add AAA Server dialog box closes, and the AAA server is added to the AAA server group.

      13. Test the LDAP server authentication. For more information, see Testing Cisco ASA VPN.
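
The following added example, which is not LastPass's or Cisco's own code, checks the text of an ASA aaa-server configuration against the values set in steps 6 and 11 and reports every setting that differs. The group name LP_PROXY, the interface name inside, the address 192.0.2.10 and the sample configuration itself are constructed placeholders; a setting that does not appear in the supplied text is reported with a found value of None.

```python
import re

# Values the procedure above sets, keyed by ASA CLI keyword. The two DNs are
# the page's example values; replace them with your directory's own.
EXPECTED = {
    "reactivation-mode": "depletion deadtime 10",
    "max-failed-attempts": "1",
    "timeout": "60",
    "server-port": "389",
    "server-type": "microsoft",
    "ldap-scope": "subtree",  # ASDM: "All levels beneath the Base DN"
    "ldap-naming-attribute": "sAMAccountName",
    "ldap-base-dn": "DC=example,DC=com",
    "ldap-login-dn": "CN=admin,CN=Users,DC=example,DC=com",
}

# Constructed sample (not captured from a device); two settings deviate.
SAMPLE_CONFIG = """\
aaa-server LP_PROXY protocol ldap
 reactivation-mode depletion deadtime 10
 max-failed-attempts 3
aaa-server LP_PROXY (inside) host 192.0.2.10
 timeout 60
 server-port 389
 ldap-base-dn DC=example,DC=com
 ldap-scope onelevel
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn CN=admin,CN=Users,DC=example,DC=com
 server-type microsoft
"""

def audit(config_text, group):
    """Return {keyword: (expected, found)} for settings of `group` that differ."""
    found, in_group = {}, False
    for line in config_text.splitlines():
        if not line.startswith(" "):  # unindented line starts a new block
            m = re.match(r"aaa-server (\S+) ", line)
            in_group = bool(m) and m.group(1) == group
        elif in_group:  # indented sub-command of the selected group
            key, _, value = line.strip().partition(" ")
            found[key] = value
    return {k: (v, found.get(k)) for k, v in EXPECTED.items()
            if (found.get(k) or "").lower() != v.lower()}

if __name__ == "__main__":
    for key, (want, got) in audit(SAMPLE_CONFIG, "LP_PROXY").items():
        print(f"{key}: expected {want!r}, found {got!r}")
```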