How does authentication of VPN users work on the ASA? I know it can have a local database, but what about external databases? I guess I am wondering if I can have my ASA communicate with my Windows AD environment for usernames and passwords. Is this possible?
When you are using the local database for authentication, the router will search its database... but whenever you have an external server, you have to configure the router to forward the new connection or incoming connection request to the external host or server that has the authentication AAA database... so here you need to configure the router to forward the request to that server, and the server will prompt for the username and password.
I do not have a lot of experience with the ASA, but if it's like most other Cisco products, they do not support Windows AD directly.
You can use a RADIUS or TACACS server, which can then use the AD server. You should be able to run the RADIUS or TACACS server function on your AD server if you like, since there are many available for Windows.
Looks like I need to go study the AAA in the ASA boxes if they now take NT domain as an option.
The authorization is normally what commands a user may issue after he has logged on to the router. It allows more controlled access by user rather than changing the commands themselves into other access levels and using enable levels for control. I do not think this is used in a VPN environment, but they may have changed that also since the ASA boxes came out.
It means it provides authentication to users...
Normally in security we assign some specific task or application to a particular user with the help of authentication and authorization...
Authentication will tell that the user is reliable, and authorization will tell that the user has XYZ privileges to access... meaning there is an entry with the username, password, as well as the privilege level... so this is the difference between the two.
I could assign my AD environment to authenticate the user just for username and password, but then use either the local host or a RADIUS or LDAP server to do the assigning of privileges? How do most people do this?