Solved: cisco Pix 506e

Alejandro Cortes Rivera · ‎01-24-2008

when I configure radius in a router o switch I use this config:

aaa new-model

aaa authentication login default group radius local

aaa authorization exec default group radius local

aaa accounting exec default start-stop group radius

aaa accounting network default start-stop group radius

aaa accounting connection default start-stop group radius

IN A CISCO ASA:

aaa authentication http console RADIUSCOM LOCAL

aaa authentication ssh console RADIUSCOM LOCAL

aaa authentication telnet console RADIUSCOM LOCAL

aaa accounting enable console RADIUSCOM

aaa accounting ssh console RADIUSCOM

aaa accounting telnet console RADIUSCOM

aaa authorization exec authentication-server

BUT HOW CAN I CONFIGURE THIS ON A CISCO PIX 506E?

pjhenriqs · ‎01-24-2008

More or less the same (taken from a PIX506E):

aaa-server radius-authport X

aaa-server radius-acctport Y

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server RADIUS (outside) host x.x.x.x timeout 5

aaa-server LOCAL protocol local

aaa authentication ssh console RADIUS LOCAL

aaa authentication http console RADIUS

aaa authentication telnet console RADIUS LOCAL

aaa authorization command RADIUS LOCAL

Hope it helps,

Paulo

View solution in original post

pjhenriqs · ‎01-24-2008