04-15-2010 07:18 PM - edited 03-10-2019 05:04 PM
Hi,
I have an ASA 5520 in my network. Inside users have to access the Terminal Server, which is located in the DMZ. When inside users access the Terminal Server, they have to be authenticated by the AAA local database.
04-15-2010 08:01 PM
Hi,
I believe you can do the following:
username user password pass
access-list ACL_AAA permit tcp INSIDE_NETWORK mask host DMZ_SERVER eq 3389
aaa authentication match ACL_AAA inside LOCAL
In this way, when the INSIDE_NETWORK requests to the RD server on the DMZ arrive at the inside interface of the ASA, there's an ACL that is going to match that traffic and also match the AAA authentication rule for the local database on the ASA.
On the ASA, the command "sh uauth" shows whether the users are getting authenticated or not.
Federico.
04-22-2010 02:25 AM
Thanks a lot Federico,
I have one more request,
I have four inside interfaces and one DMZ interface. For each inside interface, users have to access the Terminal Server and authenticate by AAA using a different username and password.
thanks once again
S.Rajkumar
04-22-2010 10:19 AM
You can try the following:
Create a local database of users:
username user1 password pass1
username user2 password pass2
username user3 password pass3
username userx password passx
Create an object-group that groups the four inside networks and apply the object-group to the ACL:
access-list ACL_AAA permit tcp object-group INSIDE_NETWORKS host DMZ_SERVER eq 3389
Specify the ACL on the AAA rule:
aaa authentication match ACL_AAA inside LOCAL
Federico.
04-22-2010 05:39 PM
Thanks Federico
06-16-2010 02:09 AM
Hi,
When I try to configure the commands below,
Create a local database of users:
username user1 password pass1
username user2 password pass2
username user3 password pass3
username userx password passx
Create an object-group that groups the four inside networks and apply the object-group to the ACL:
access-list ACL_AAA permit tcp object-group INSIDE_NETWORKS host DMZ_SERVER eq 3389
Specify the ACL on the AAA rule:
aaa authentication match ACL_AAA inside LOCAL
I am facing the error described below,
ASA does not support interactive authentication for the rules that are applied to traffic other than FTP, HTTP, HTTPS, Telnet and SSH.
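A complete ASA configuration that ties the thread's answers together and accounts for the error message above, written here as an added example; it is not a post from this thread or Cisco's own sample. The user accounts, the ACL_AAA name and the "aaa authentication match ... LOCAL" rule come from the thread; the interface names (inside1 to inside4), the network addresses, the terminal server address and the virtual Telnet address are constructed assumptions. Because the ASA cannot prompt for credentials on an RDP (TCP/3389) connection, the example gives users a virtual Telnet address to authenticate against first; the resulting uauth entry then permits the RDP session.

```cisco
! Added example configuration (not from the thread); all addresses and
! interface names are constructed placeholders.
!
! Local AAA user database, one account per inside segment
username user1 password pass1
username user2 password pass2
username user3 password pass3
username user4 password pass4
!
! Group the four inside networks so one ACL can reference them
object-group network INSIDE_NETWORKS
 network-object 10.1.0.0 255.255.255.0
 network-object 10.2.0.0 255.255.255.0
 network-object 10.3.0.0 255.255.255.0
 network-object 10.4.0.0 255.255.255.0
!
! Traffic that must be authenticated before the ASA forwards it:
!  - RDP from the inside networks to the terminal server in the DMZ
!  - Telnet to the virtual Telnet address, which is where users actually log in
access-list ACL_AAA extended permit tcp object-group INSIDE_NETWORKS host 192.168.100.10 eq 3389
access-list ACL_AAA extended permit tcp object-group INSIDE_NETWORKS host 192.168.100.200 eq telnet
!
! Apply the rule on every inside interface (one line per interface name)
aaa authentication match ACL_AAA inside1 LOCAL
aaa authentication match ACL_AAA inside2 LOCAL
aaa authentication match ACL_AAA inside3 LOCAL
aaa authentication match ACL_AAA inside4 LOCAL
!
! Virtual Telnet: an otherwise unused address that routes to the ASA.
! Users telnet here, enter their local username/password, and the ASA
! creates a uauth entry for their source IP; RDP to the DMZ server then
! matches that entry instead of triggering the unsupported interactive prompt.
virtual telnet 192.168.100.200
!
! Verification from privileged EXEC, run after a user has logged in
! to the virtual Telnet address:
!   show uauth
```

The second ACL entry matters: the virtual Telnet login itself must be covered by the ACL referenced in "aaa authentication match", otherwise the ASA will not prompt for credentials on that connection. Note that the uauth entry is keyed on the user's source IP address, so any host that later shares that address inherits the authorisation until the uauth timeout expires; keep the timeout short on segments with shared or NAT'd addresses.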