Below is a TACACS config on a router in a client's network:
aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated none
A few things...
1.) I don't see any aaa accounting commands, so I am wondering if accounting is not being leveraged, or if there is another way of providing command accounting without explicitly configuring it on the device.
2.) I know that to log onto the device, they use an RSA Token. Correct me if I'm wrong, but enabling RSA ID tokens for authentication through ACS is done at the ACS server itself. In other words, the RSA functionality will not be reflected in the device's aaa configs, but instead in the application's configuration...correct?
Lastly, I see the following globally enabled configs on the router:
privilege exec level 0 dir
privilege exec level 0 write terminal
privilege exec level 0 write
privilege exec level 0 traceroute ip
privilege exec level 0 traceroute
privilege exec level 0 ping ip
privilege exec level 0 ping
privilege exec level 0 terminal monitor
privilege exec level 0 terminal
privilege exec level 0 show crypto sockets
privilege exec level 0 show crypto isakmp profile
privilege exec level 0 show crypto isakmp key
privilege exec level 0 show crypto isakmp policy
privilege exec level 0 show crypto isakmp sa
privilege exec level 0 show crypto isakmp
privilege exec level 0 show crypto ipsec security-association-lifetime
privilege exec level 0 show crypto ipsec security-association
I'm not sure how this figures into the aaa config. Why would these authorization commands be configured locally on the router when aaa authorization is already being leveraged centrally on the ACS server (aaa authorization commands in the config)?
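
An added example, not part of the original post: a small Python audit of the configuration lines quoted above. It reports whether any `aaa accounting` or `aaa authorization commands` lists exist, which method lists end in `none`, and which commands the local `privilege` lines place at level 0. The finding codes and the `REVIEW_KEYWORDS` list are assumptions of this example.

```python
import re

# Constructed sample: lines quoted in the post (privilege list abridged).
SAMPLE_CONFIG = """\
aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated none
privilege exec level 0 write terminal
privilege exec level 0 ping
privilege exec level 0 show crypto isakmp key
privilege exec level 0 show crypto isakmp sa
"""

AAA_RE = re.compile(r"^aaa (authentication|authorization|accounting) (\S+)(?: (\d+))? (\S+) (.+)$")
PRIV_RE = re.compile(r"^privilege (\S+) level (\d+) (.+)$")
# Assumption of this example: keywords that mark a command as worth a manual look.
REVIEW_KEYWORDS = ("key", "write")


def audit(config_text):
    """Return (code, detail) findings for an IOS-style config given as text."""
    aaa, findings = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := AAA_RE.match(line):
            aaa.append((m[1], m[2]))  # (service, type), e.g. ("authorization", "exec")
            if m[5].split()[-1] == "none":
                # Last method 'none': the request is allowed with no check at all.
                findings.append(("fallback-none", line))
        elif m := PRIV_RE.match(line):
            # A local 'privilege' line sets a command's level on the box itself.
            if int(m[2]) == 0:
                words = m[3].split()
                code = "level0-review" if any(k in words for k in REVIEW_KEYWORDS) else "level0"
                findings.append((code, m[3]))
    if not any(svc == "accounting" for svc, _ in aaa):
        findings.append(("no-accounting", "no 'aaa accounting' lines present"))
    if not any(svc == "authorization" and typ == "commands" for svc, typ in aaa):
        findings.append(("no-command-authorization", "no 'aaa authorization commands' lines present"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONFIG):
        print(f"{code:26} {detail}")
```
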