Page 2 - About Authorization; AAA Server and Local Database Support
12-2 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts AAA Server and Local Database Support • All administrative connections to the security appliance including the following sessions: – Telnet – SSH – Serial console – ASDM (using HTTPS) – VPN management access • The ...
Page 3 - Summary of Support
AAA Server and Local Database Support • RADIUS Server Support, page 12-3 • TACACS+ Server Support, page 12-4 • SDI Server Support, page 12-4 • NT Server Support, page 12-5 • Kerberos Server Support, page 12-5 • LDA...
Page 4 - Authentication Methods; TACACS+ Server Support
AAA Server and Local Database Support This section contains the following topics: • Authentication Methods, page 12-4 • Attribute Support, page 12-4 • RADIUS Authorization Functions, page 12-4 Authentication Method...
Page 5 - SDI Version Support; Two-step Authentication Process; NT Server Support; Kerberos Server Support
AAA Server and Local Database Support • Two-step Authentication Process, page 12-5 • SDI Primary and Replica Servers, page 12-5 SDI Version Support The security appliance supports SDI Version 5.0 and 6.0. SDI uses ...
Page 6 - LDAP Server Support; SSO Support for Clientless SSL VPN with HTTP Forms; Local Database Support
AAA Server and Local Database Support LDAP Server Support This section describes using an LDAP directory with the security appliance for user authentication and VPN authorization. During authentication, the security...
Page 7 - User Profiles; Configuring the Local Database
Configuring the Local Database User Profiles User profiles contain, at a minimum, a username. Typically, a password is assigned to each username, although passwords are optional. You can add other information to a s...
Page 8 - User Accounts
Configuring the Local Database User Accounts The User Accounts pane lets you manage the local user database. The local database is used for the following features: • ASDM per-user access By default, you can log into...
Page 12 - Identifying AAA Server Groups and Servers; AAA Server Groups
Identifying AAA Server Groups and Servers – Subnet Mask list—Specifies the subnet mask for the Dedicated IP address. Check the Group Lock check box to restrict users to remote access through this group only. Group...
Page 14 - Add/Edit AAA Server Group
Identifying AAA Server Groups and Servers • Delete—Removes the selected AAA server from the list. • Move up—Moves the selected AAA server up in the AAA sequence. • Move down—Moves the selected AAA server back in t...
Page 15 - Edit AAA Local Server Group
Identifying AAA Server Groups and Servers Modes The following table shows the modes in which this feature is available: Edit AAA Local Server Group The Edit AAA Local Server Group dialog box lets you specify wheth...
Page 19 - Test AAA Server
Identifying AAA Server Groups and Servers – Start URL—Specifies the complete URL of the authenticating web server location where a pre-login cookie can be retrieved. This parameter must be configured only when thea...
Page 20 - Configuring an Authentication Prompt
Configuring an Authentication Prompt Tip Checking for basic network connectivity to the AAA server may save you time in troubleshooting. To test basic connectivity, click Tools > Ping. Fields • AAA Server Group—...
Page 21 - Configuring an LDAP Attribute Map
Configuring an LDAP Attribute Map Note Microsoft Internet Explorer displays up to 37 characters in an authentication prompt. Netscape Navigator displays up to 120 characters, and Telnet and FTP display up to 235 ch...
Page 22 - Add/Edit LDAP Attribute Map > Map Name Tab
Configuring an LDAP Attribute Map Fields • Name—Displays the names of the LDAP attribute maps available for editing. • Attribute Map Name—Displays the mappings of customer attribute names to Cisco attribute namesw...
Page 23 - Add/Edit LDAP Attribute Map > Map Value Tab; Add/Edit LDAP Attributes Value Map
Configuring an LDAP Attribute Map Fields • Name—Specifies the name of the LDAP attribute map you are adding or editing. If you are adding a new map, you enter the name of the map in this field. If you are editing a...