  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Cisco ASA and auth

Unanswered Question
Overall Rating: 3.7 (6 ratings)
devang_etcom Tue, 06/13/2006 - 06:17

When you are using the local database for authentication, the router will search its database... but whenever you have an external server, you have to configure the router to forward the new connection or incoming connection request to the external host or server which has the authentication AAA database... so here you need to configure the router to forward the request to that server, and the server will prompt for the username and passwords.


hope this will help you


rate this post if it helps


regards

Devang

tdrais Tue, 06/13/2006 - 06:51

I do not have a lot of experience with the ASA, but if it's like most other Cisco products they do not support Windows AD directly.

You can use a RADIUS or TACACS server which can then use the AD server. You should be able to run the RADIUS or TACACS server function on your AD server if you like, since there are many available for Windows.

tdrais Tue, 06/13/2006 - 07:48

Looks like I need to go study the AAA in the ASA boxes if they now take NT domain as an option.

The authorization is normally what commands a user may issue after he has logged on to the router. It allows more controlled access by user rather than changing the commands themselves into other access levels and using enable levels for control. I do not think this is used in a VPN environment, but they may have changed that also since the ASA boxes came out.

devang_etcom Tue, 06/13/2006 - 07:58

It means it provides authentication to users...

Normally in security we assign some specific task or application to a particular user with the help of authentication and authorisation...

Authentication will tell whether the user is reliable, and authorisation will tell that the user has XYZ privileges to access... meaning here there is an entry with the user name and password as well as the privilege level... so this is the difference between the two.


hope this will help you


rate this post if it helps


regards

Devang

devang_etcom Tue, 06/13/2006 - 08:54

Here RADIUS, LDAP or TACACS will also provide you with all of authentication, authorisation and accounting...

Here are a few links which will help you...


http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml


RADIUS: http://www.cisco.com/en/US/tech/tk583/tk547/tsd_technology_support_sub-protocol_home.html


TACACS: http://www.cisco.com/en/US/tech/tk583/tk642/tsd_technology_support_sub-protocol_home.html


ASA: http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_support_series_home.html


Here you have to do some reading, but it will be helpful to you.


hope this will help you


rate this post if it helps


regards

Devang

dbakula01 Tue, 06/13/2006 - 09:07

On any Windows Server 2003 at least, you can install IAS, or Internet Authentication Service, under the add/remove Windows components of the networking services section. It's a Microsoft RADIUS server.

Then on your ASA put its IP as the AAA server. It's actually really easy.
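
The setup described in the post above, sketched as ASA configuration. This is an added example, not part of the original thread; it assumes ASA 7.x or later syntax, and the group name `IAS_RADIUS`, the interface `inside`, the address `192.0.2.10`, the tunnel group `EXAMPLE_VPN`, the test account and the shared secret are all placeholders.

```cisco
! Constructed example: every name, address and secret below is a placeholder.
!
! Define a RADIUS server group and point it at the IAS host.
! The same shared secret must be set on the IAS side, where the ASA's
! address is registered as a RADIUS client.
aaa-server IAS_RADIUS protocol radius
aaa-server IAS_RADIUS (inside) host 192.0.2.10
 key SHARED_SECRET_PLACEHOLDER
 timeout 5
!
! Authenticate remote-access VPN users of an existing tunnel group
! against that server group.
tunnel-group EXAMPLE_VPN general-attributes
 authentication-server-group IAS_RADIUS
!
! Optional: authenticate SSH management logins the same way, falling back
! to the local user database when the RADIUS server does not respond.
aaa authentication ssh console IAS_RADIUS LOCAL
!
! From privileged EXEC mode, check that the ASA reaches the server and
! that a test account authenticates before relying on it for VPN logins.
test aaa-server authentication IAS_RADIUS host 192.0.2.10 username TEST_USER password TEST_PASSWORD
```

Keeping `LOCAL` as the fallback method leaves a way into the device if the RADIUS server is unreachable, so at least one local administrator account should exist.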

devang_etcom Tue, 06/13/2006 - 09:15

Yes it is... you can find RADIUS on Windows 2003 Server by

Start - Administrative Tools - Routing and Remote Access, then right-click on Properties... then select the Security tab and then select RADIUS authentication...

And you can have RADIUS for Linux also, on I think www.freeradius.org...

It's very easy to configure...


rate this post if it helps


regards

Devang
