
Cisco ASA VPN configuration for the LastPass Universal Proxy LDAPS protocol

    Before you begin:
    Set your local user profile to the proper privilege level on your Cisco ASA system:
    • In the Remote Access VPN > AAA/Local Users > Local Users menu, Privilege Level field, select 15.
      Note: You must set your privilege level to 15 in order to have unrestricted administrator access to your ASDM/CLI management surface.

      Create an LDAP server group for AAA:

      1. Open the Cisco AnyConnect Configuration Wizard.
      2. Go to Remote Access VPN > AAA/Local Users > AAA Server Groups in the left navigation, to add an AAA server group to your AnyConnect connection profile.
      3. Click Add in the AAA Server Groups area.

        Result: The Add AAA Server Group dialog box appears.

      4. In the AAA Server Group field, enter a name.
      5. In the Protocol field, select LDAP.
      6. Set the following parameters:
        Reactivation Mode: Depletion
        Dead Time: 10 minutes
        Max Failed Attempts: 1
      7. Click OK.

        Result: The Add AAA Server Group dialog box closes, and the new server group is added to the AAA Server Groups table.

      8. Click Apply.
        Add an LDAP server to a server group:
      9. In the AAA Server Groups area, click the server group to which you want to add a server.
      10. Click Add, in the Servers in the Selected Group area.

        Result: The Add AAA Server dialog box appears for the server group.

      11. Set the following parameters:
        Interface Name: Choose the interface name on which the authentication server resides.
        Server Name or IP Address: Add the Universal Proxy's IP address.
        Timeout: 60
        Enable LDAP over SSL: Check the checkbox.
        Server Port: 636
        Server Type: Microsoft
        Base DN: Add the base DN in the following format: DC=example,DC=com
          Important: This value must be the same as the Active Directory's base domain name.
        Scope: All levels beneath the Base DN
        Naming Attribute: sAMAccountName
        Login DN: Add the login DN in the following format: CN=admin,CN=Users,DC=example,DC=com
          Important: This value must be the same as the distinguishedName field value in the Active Directory.
        Login Password: Enter the login password, which is the password for the Login DN user account.
      12. Click OK.

        Result: The Add AAA Server dialog box closes, and the AAA server is added to the AAA server group.

      Test the LDAP Server Authentication:

      1. Select the server you want to test in the Servers in the Selected Group.
      2. Click Test.

        Result: The Test AAA Server dialog box appears for the selected server.

      3. Choose the Authentication radio button.
      4. In the Username field, enter your username.
      5. In the Password field, enter your password.
      6. Click OK.

        Result: The Adaptive Security Appliance (ASA) sends an authentication test message to the server. An Information dialog box appears, showing if the test failed or was successful.
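
      The same server group, server and authentication test expressed as Cisco ASA CLI commands, added here as an example that is not part of the original article. The group name LP_PROXY_LDAPS, the interface name inside, the proxy address 192.0.2.10, the test username and the bracketed password are assumed placeholders; replace them with your own values.

```text
! Create the LDAP server group with the reactivation settings from step 6
aaa-server LP_PROXY_LDAPS protocol ldap
 reactivation-mode depletion deadtime 10
 max-failed-attempts 1

! Add the Universal Proxy as an LDAPS server in that group (step 11)
aaa-server LP_PROXY_LDAPS (inside) host 192.0.2.10
 timeout 60
 ldap-over-ssl enable
 server-port 636
 server-type microsoft
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=admin,CN=Users,DC=example,DC=com
 ldap-login-password <login-dn-password>

! Verify what was applied, then run the same authentication test as the ASDM Test button
show running-config aaa-server LP_PROXY_LDAPS
test aaa-server authentication LP_PROXY_LDAPS host 192.0.2.10 username testuser password <user-password>
```

      Run the test from a session with privilege level 15, as required in Before you begin; a successful result confirms the ASA can reach the proxy over port 636 and bind with the Login DN.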