Configuring An External Radius Server; Reviewing The Radius Configuration Procedure; Security Appliance Radius Authorization Attributes - Cisco PIX 500 Series Configuration Manual

Security appliance command line

Configuring an External RADIUS Server

Step 4  Specify a secure LDAP connection as follows:

hostname(config-aaa-server-host)# ldap-over-ssl enable
hostname(config-aaa-server-host)#

Step 5  Create an aaa-server record to configure the LDAP authorization server and use the ldap-base-dn to specify the search location for the Cisco User-Authorization records, as shown in the following example commands:

hostname(config-aaa-server-host)# aaa-server ldap-authorize protocol ldap
hostname(config-aaa-server-host)# aaa-server ldap-authorize host 10.1.1.4
hostname(config-aaa-server-host)# ldap-base-dn ou=Franklin-Altiga,dc=frdevtestad,dc=local
hostname(config-aaa-server-host)# ldap-scope subtree
hostname(config-aaa-server-host)# ldap-naming-attribute cn
hostname(config-aaa-server-host)# ldap-login-password anypassword
hostname(config-aaa-server-host)# ldap-login-dn cn=Administrator,cn=Users,dc=frdevtestad,dc=local
hostname(config-aaa-server-host)#

Step 6  Create an external group policy that associates the group-name with the LDAP authorization server. In this example, the user is assigned to the group Engineering, as shown in the following command:

hostname(config-aaa-server-host)# group-policy engineering external server-group ldap-authorize
hostname(config-aaa-server-host)#

Step 7  Create a tunnel group that specifies LDAP authentication, as shown in the following example commands:

hostname(config)# tunnel-group ipsec-tunnelgroup type ipsec-ra
hostname(config)# tunnel-group ipsec-tunnelgroup general-attributes
hostname(config-tunnel-general)# authentication-server-group ldap-authenticate
hostname(config-tunnel-general)#
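Step 4 turns on ldap-over-ssl per aaa-server host, and Step 5 gives a host an ldap-login-dn and ldap-login-password; with a simple bind and no SSL those credentials cross the network in cleartext. The following audit check is an added example, not part of the Cisco manual: it assumes a saved configuration in running-config layout (host sub-commands indented under each aaa-server host line), and the sample configuration and function names are constructed for illustration.

```python
import re

# Constructed sample; assumes running-config layout with indented host sub-commands.
SAMPLE_CONFIG = """\
aaa-server ldap-authenticate protocol ldap
aaa-server ldap-authenticate host 10.1.1.4
 ldap-base-dn ou=Franklin-Altiga,dc=frdevtestad,dc=local
 ldap-login-dn cn=Administrator,cn=Users,dc=frdevtestad,dc=local
 ldap-over-ssl enable
aaa-server ldap-authorize protocol ldap
aaa-server ldap-authorize host 10.1.1.4
 ldap-base-dn ou=Franklin-Altiga,dc=frdevtestad,dc=local
 ldap-login-dn cn=Administrator,cn=Users,dc=frdevtestad,dc=local
aaa-server radius-users protocol radius
aaa-server radius-users host 10.1.1.9
"""

PROTO_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)")
HOST_RE = re.compile(r"^aaa-server (\S+) (?:\(\S+\) )?host (\S+)")

def parse_aaa_hosts(config):
    """Return (protocols, hosts); each host has group, address and sub-commands."""
    protocols, hosts, current = {}, [], None
    for line in config.splitlines():
        if line.startswith(" ") and current is not None:
            current["subcommands"].append(line.strip())
            continue
        current = None  # any unindented line ends the previous host block
        m = PROTO_RE.match(line)
        if m:
            protocols[m.group(1)] = m.group(2).lower()
            continue
        m = HOST_RE.match(line)
        if m:
            current = {"group": m.group(1), "address": m.group(2), "subcommands": []}
            hosts.append(current)
    return protocols, hosts

def ldap_hosts_without_ssl(config):
    """List (group, address) for LDAP hosts lacking 'ldap-over-ssl enable'."""
    protocols, hosts = parse_aaa_hosts(config)
    return [(h["group"], h["address"]) for h in hosts
            if protocols.get(h["group"]) == "ldap"
            and "ldap-over-ssl enable" not in h["subcommands"]]

if __name__ == "__main__":
    for group, address in ldap_hosts_without_ssl(SAMPLE_CONFIG):
        print(f"{group} host {address}: LDAP bind is not protected by SSL")
```

Because the setting is per host, each LDAP server group used for authentication or authorization has to be checked separately.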
Configuring an External RADIUS Server
This section presents an overview of the RADIUS configuration procedure and defines the Cisco
RADIUS attributes. It includes the following topics:

- Reviewing the RADIUS Configuration Procedure
- Security Appliance RADIUS Authorization Attributes

Reviewing the RADIUS Configuration Procedure

This section describes the RADIUS configuration steps required to support authentication and
authorization of the security appliance users. Follow these steps to set up the RADIUS server to
interoperate with the security appliance.

Step 1  Load the security appliance attributes into the RADIUS server. The method you use to load the attributes depends on which type of RADIUS server you are using:

- If you are using Cisco ACS: the server already has these attributes integrated. You can skip this step.

Appendix E: Configuring an External Server for Authorization and Authentication
Cisco Security Appliance Command Line Configuration Guide, OL-12172-03, page E-24

This manual is also suitable for:

ASA 5500 series