aaa authentication with protocol/port--please translate this command
This was originally posted in the VPN-->security section
We use Cisco VPN client v1.1 for remote access to the network. I need to make some config changes and I'm trying to understand the existing config so I don't mess up the present connectivity (I'm new to PIX).
I have the following command in my config:
aaa authentication include tcp/0 outside 220.127.116.11 255.255.0.0 192.168.1.0 255.255.255.0 partnerauth
It appears to be a legal command, because it is in the running config. However, I cannot find anything in the docs that reference the "tcp/0" parameter. I'm presently using V6.2, upgraded from V5.2. There is an example of this given for the aaa authorization command. Also, in
at "Virtual Telnet Outbound," there is an example given where protocol/port is shown.
Anyway, if I am correct in my assumption, the command given above would read, in English, "Authenticate anyone from network 192.168.1.0 that arrives on the outside interface using any TCP port, to access the network 18.104.22.168, using the partnerauth server."
What does this command really do? I doubt it is even working, because the 22.214.171.124 isn't part of the 172 class B private network we use.
To further confuse me, the example below doesn't use this command at all when configuring radius authentication.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :