AAA Authentication

singraj2001
Level 1

Hi,

I have an ASA 5520 in my network. Inside users have to access the Terminal Server, which is located in the DMZ. When inside users access the Terminal Server, they have to be authenticated against the AAA local database.

5 Replies

Hi,

I believe you can do the following:

username user password pass

access-list ACL_AAA permit tcp INSIDE_NETWORK mask host DMZ_SERVER eq 3389

aaa authentication match ACL_AAA inside LOCAL

In this way, when the requests from INSIDE_NETWORK to the RD server on the DMZ arrive at the inside interface of the ASA, there's an ACL that's going to match that traffic and also trigger the AAA authentication against the local database on the ASA.

On the ASA, the command "show uauth" shows whether the users are getting authenticated or not.

Federico.

Thanks a lot Federico,

I have one more request.

I have four inside interfaces and one DMZ interface. For each inside interface, users have to access the Terminal Server authenticated by AAA using a different username and password.

thanks once again

S.Rajkumar

You can try the following:

Create a local database of users:

username user1 password pass1
username user2 password pass2
username user3 password pass3
username userx password passx

Create an object-group that groups the four inside networks and apply the object-group to the ACL:

object-group network INSIDE_NETWORKS
 network-object INSIDE_NETWORK_1 mask
 network-object INSIDE_NETWORK_2 mask
 network-object INSIDE_NETWORK_3 mask
 network-object INSIDE_NETWORK_4 mask

access-list ACL_AAA extended permit tcp object-group INSIDE_NETWORKS host DMZ_SERVER eq 3389

Specify the ACL on the AAA rule:

aaa authentication match ACL_AAA inside LOCAL

Federico.

Thanks federico

Hi,

When I try to configure the commands below,

Create a local database of users:

username user1 password pass1
username user2 password pass2
username user3 password pass3
username userx password passx

Create an object-group that groups the four inside networks and apply the object-group to the ACL:

object-group network INSIDE_NETWORKS
 network-object INSIDE_NETWORK_1 mask
 network-object INSIDE_NETWORK_2 mask
 network-object INSIDE_NETWORK_3 mask
 network-object INSIDE_NETWORK_4 mask

access-list ACL_AAA extended permit tcp object-group INSIDE_NETWORKS host DMZ_SERVER eq 3389

Specify the ACL on the AAA rule:

aaa authentication match ACL_AAA inside LOCAL

I am facing the error described below:

ASA does not support interactive authentication for the rules that are applied to traffic other than FTP, HTTP, HTTPS, Telnet and SSH.
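The thread ends on that error without a resolution. As an added worked configuration, not posted by anyone in the thread: the ASA cut-through proxy can only prompt for credentials inside FTP, HTTP, HTTPS, Telnet and SSH sessions, so an RDP flow on TCP/3389 can never be authenticated interactively. The usual approach is to have the user authenticate first against an HTTPS listener on the ASA; the uauth entry the ASA then creates for the user's source IP satisfies the "aaa authentication match" rule for the RDP traffic that follows. The four inside networks, the interface names inside1 to inside4, the DMZ server address 192.168.100.10, the listener port and the usernames below are assumptions for illustration and must be replaced with the real values.

```text
! Local users for the cut-through proxy (privilege 0: no device-management rights)
username user1 password pass1 privilege 0
username user2 password pass2 privilege 0
username user3 password pass3 privilege 0
username user4 password pass4 privilege 0
!
! Assumed inside networks, one per inside interface
object-group network INSIDE_NETWORKS
 network-object 10.1.1.0 255.255.255.0
 network-object 10.1.2.0 255.255.255.0
 network-object 10.1.3.0 255.255.255.0
 network-object 10.1.4.0 255.255.255.0
!
! Traffic that requires a prior authentication: RDP to the assumed DMZ terminal server
access-list ACL_AAA extended permit tcp object-group INSIDE_NETWORKS host 192.168.100.10 eq 3389
!
! The match rule is bound to an interface, so it is repeated for each of the four (assumed) inside interfaces
aaa authentication match ACL_AAA inside1 LOCAL
aaa authentication match ACL_AAA inside2 LOCAL
aaa authentication match ACL_AAA inside3 LOCAL
aaa authentication match ACL_AAA inside4 LOCAL
!
! HTTPS listener the user browses to before opening RDP (assumed port);
! https rather than http so the local password is not sent in cleartext
aaa authentication listener https inside1 port 8443
aaa authentication listener https inside2 port 8443
aaa authentication listener https inside3 port 8443
aaa authentication listener https inside4 port 8443
!
! Bound the lifetime of the uauth entry so an authenticated source IP does not stay open indefinitely
timeout uauth 0:30:00 absolute uauth 0:05:00 inactivity
```

Usage: the user opens https://<ASA inside interface IP>:8443 in a browser, logs in with the local username and password, and then starts the RDP session; "show uauth" should then list the user and source IP as authenticated. Two caveats a practitioner should keep in mind: the AAA rule only authenticates, it does not permit traffic, so the RDP flow still has to be allowed by the access-group ACL on the inside interface; and the uauth entry is keyed on source IP, so every user behind a shared or NAT'd address inherits the authentication of whoever logged in first, which is why the absolute and inactivity timeouts are kept short.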
