Authentication and Authorization Server Groups for VPN Users via ASDM Configuration Example.pdf

(210 KB) Pobierz
Cisco − Authentication and Authorization Server Groups for VPN Users via ASDM Configuration Example
Table of Contents
Authentication and Authorization Server Groups for VPN Users via ASDM Configuration Example....1
Document ID: 68881
................................................................................................................................1
Introduction..........................................................................................................................................................1
Prerequisites.........................................................................................................................................................1
Requirements..........................................................................................................................................1
Components Used...................................................................................................................................1
Related Products.....................................................................................................................................1
Conventions............................................................................................................................................2
Background Information......................................................................................................................................2
Configure Authentication and Authorization for VPN Users..............................................................................2
Configure Authentication and Authorization Servers
.............................................................................2
Configure a VPN Tunnel Group for Authentication and Authorization
.................................................9
Verify.................................................................................................................................................................10
Troubleshoot......................................................................................................................................................10
NetPro Discussion Forums − Featured Conversations......................................................................................11
Related Information...........................................................................................................................................11
i
Authentication and Authorization Server Groups
for VPN Users via ASDM Configuration Example
Document ID: 68881
Introduction
Prerequisites
Requirements
Components Used
Related Products
Conventions
Background Information
Configure Authentication and Authorization for VPN Users
Configure Authentication and Authorization Servers
Configure a VPN Tunnel Group for Authentication and Authorization
Verify
Troubleshoot
NetPro Discussion Forums − Featured Conversations
Related Information
Introduction
This document describes how to use the Cisco Adaptive Security Device Manager (ASDM) to configure
authentication and authorization server groups on the Cisco PIX 500 Series Security Appliance. In this
example, the server groups created are used by the policy of a VPN tunnel group to authenticate and authorize
incoming users.
Prerequisites
Requirements
This document assumes that the PIX is fully operational and configured to allow the ASDM to make
configuration changes.
Components Used
The information in this document is based on these software and hardware versions:
Cisco PIX Security Appliance Software Version 7.0(4)
Cisco ASDM Version 5.0(4)
The information in this document was created from the devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.
Related Products
This configuration can also be used with Cisco Adaptive Security Appliance (ASA) Version 7.x.
Cisco − Authentication and Authorization Server Groups for VPN Users via ASDM Configuration Example
Conventions
Refer to the Cisco Technical Tips Conventions for more information on document conventions.
Background Information
Not all of the possible authentication and authorization methods available in PIX/ASA 7.x software are
supported when you deal with VPN users. This table details what methods are available for VPN users:
Local RADIUS TACACS+ SDI NT Kerberos LDAP
Authentication
Authorization
Yes
Yes
Yes
Yes
Yes
No
Yes Yes Yes
No No No
No
Yes
Note:
Kerberos is used for the authentication and LDAP is used for the authorization of VPN users in this
example.
Configure Authentication and Authorization for VPN Users
Configure Authentication and Authorization Servers
Complete these steps to configure authentication and authorization server groups for VPN users via ASDM.
1. Select
Configuration > Properties > AAA Setup > AAA Server Groups
and click
Add.
2. Define a name for the new authentication server group and choose a protocol.
Cisco − Authentication and Authorization Server Groups for VPN Users via ASDM Configuration Example
The Accounting Mode option is for RADIUS and TACACS+ only. Click
OK
when finished.
3. Repeat steps 1 and 2 to create a new authorization server group.
4. Click
Apply
to send the changes to the device.
Cisco − Authentication and Authorization Server Groups for VPN Users via ASDM Configuration Example
If you have it configured to do so, the device now previews the commands that are added to the
running configuration.
5. Click
Send
to send the commands to the device.
Cisco − Authentication and Authorization Server Groups for VPN Users via ASDM Configuration Example

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika:

Zgłoś jeśli naruszono regulamin