Configuring an External RADIUS Server; Reviewing the RADIUS Configuration Procedure; Security Appliance TACACS+ Attributes - Cisco PIX 500 Series Configuration Manual


Cisco Security Appliance Command Line Configuration Guide (OL-12172-03)

Appendix E: Configuring an External Server for Authorization and Authentication

Table E-5: Security Appliance Supported RADIUS Attributes and Values (continued)

| Attribute Name | VPN 3000 / ASA / PIX | Attr. # | Syntax/Type | Single or Multi-Valued | Description or Value |
|---|---|---|---|---|---|
| WebVPN-Macro-Value1 | Y | 223 | String | Single | Unbounded |
| WebVPN-Macro-Value2 | Y | 224 | String | Single | Unbounded |

Note: RADIUS attribute names do not contain the cVPN3000 prefix to better reflect support for all three security appliances (VPN 3000, PIX, and the ASA). Cisco Secure ACS 4.x supports this new nomenclature, but attribute names in pre-4.0 ACS releases still include the cVPN3000 prefix. The appliances enforce the RADIUS attributes based on attribute numeric ID, not attribute name. LDAP attributes are enforced by their name, not by the ID.

Configuring an External RADIUS Server

This section presents an overview of the RADIUS configuration procedure and defines the Cisco RADIUS and TACACS+ attributes. It includes the following topics:

- Reviewing the RADIUS Configuration Procedure
- Security Appliance RADIUS Authorization Attributes
- Security Appliance TACACS+ Attributes

Reviewing the RADIUS Configuration Procedure

This section describes the RADIUS configuration steps required to support authentication and authorization of the security appliance users. Follow these steps to set up the RADIUS server to interoperate with the security appliance.

Step 1: Load the security appliance attributes into the RADIUS server. The method you use to load the attributes depends on which type of RADIUS server you are using:

- If you are using Cisco ACS: the server already has these attributes integrated. You can skip this step.
- If you are using a FUNK RADIUS server: Cisco supplies a dictionary file that contains all the security appliance attributes. Obtain this dictionary file, cisco3k.dct, from Software Center on CCO or from the security appliance CD-ROM. Load the dictionary file on your server.
- For other vendors' RADIUS servers (for example, Microsoft Internet Authentication Service): you must manually define each security appliance attribute. To define an attribute, use the attribute name or number, type, value, and vendor code (3076). For a list of security appliance RADIUS authorization attributes and values, see Table E-5.

Step 2: Set up the users or groups with the permissions and attributes to send during IPSec/WebVPN tunnel establishment.
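The Note on attribute naming says the appliances enforce RADIUS attributes by numeric ID, and Step 1 defines each attribute by number, type, value, and vendor code (3076). The Python below is an added example, not code from the Cisco guide: it encodes and parses one such attribute to show that only the vendor code and attribute number travel on the wire. It assumes the RFC 2865 Vendor-Specific layout (attribute type 26 with a one-byte sub-type and sub-length) and a `cVPN3000-` spelling for the old name prefix; the function names and the sample value are constructed.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute type for VSAs (RFC 2865)
VENDOR_CODE = 3076     # vendor code given on this page
# The two Table E-5 rows shown on this page: name -> numeric ID.
ATTR_IDS = {"WebVPN-Macro-Value1": 223, "WebVPN-Macro-Value2": 224}
OLD_PREFIX = "cVPN3000-"  # assumed spelling of the pre-4.0 ACS name prefix


def attr_id(name):
    """Map a name, with or without the old prefix, to its numeric ID."""
    if name.startswith(OLD_PREFIX):
        name = name[len(OLD_PREFIX):]
    return ATTR_IDS[name]


def encode_vsa(name, value):
    """Encode one String attribute as a Vendor-Specific attribute."""
    data = value.encode("utf-8")
    if len(data) > 247:  # 255 - outer header (2) - vendor id (4) - sub-header (2)
        raise ValueError("value does not fit in one attribute")
    sub = struct.pack("!BB", attr_id(name), len(data) + 2) + data
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, VENDOR_CODE) + sub


def decode_vsa(raw):
    """Return (vendor, attr_number, value); reject inconsistent lengths."""
    if len(raw) < 8:
        raise ValueError("truncated attribute")
    typ, length, vendor = struct.unpack("!BBI", raw[:6])
    if typ != VENDOR_SPECIFIC or length != len(raw):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    number, sub_len = raw[6], raw[7]
    if sub_len != length - 6:
        raise ValueError("sub-attribute length mismatch")
    return vendor, number, raw[8:].decode("utf-8")


if __name__ == "__main__":
    # Constructed sample value; both spellings of the name give the same bytes.
    new = encode_vsa("WebVPN-Macro-Value1", "eng-portal")
    old = encode_vsa("cVPN3000-WebVPN-Macro-Value1", "eng-portal")
    print(new.hex(), new == old, decode_vsa(new))
```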

This manual is also suitable for: ASA 5500 series
