Cisco ASA 5505 Configuration Manual page 649

Chapter 31 Configuring AAA Servers and the Local Database
About Accounting
Accounting tracks traffic that passes through the adaptive security appliance, enabling you to have a
record of user activity. If you enable authentication for that traffic, you can account for traffic per user.
If you do not authenticate the traffic, you can account for traffic per IP address. Accounting information
includes session start and stop times, username, the number of bytes that pass through the adaptive
security appliance for the session, the service used, and the duration of each session.
AAA Server and Local Database Support
The adaptive security appliance supports a variety of AAA server types and a local database that is stored
on the adaptive security appliance. This section describes support for each AAA server type and the local
database, and includes the following topics:
•
•
•
•
•
•
•
•
•
Summary of Support
Table 31-1
database. For more information about support for a specific AAA server type, see the topics following
the table.
Table 31-1
AAA Service
Authentication of...
VPN users
Firewall sessions
Administrators
Authorization of...
VPN users
Firewall sessions
Administrators
Accounting of...
OL-20339-01
Summary of Support, page 31-3
RADIUS Server Support, page 31-4
TACACS+ Server Support, page 31-5
RSA/SDI Server Support, page 31-5
NT Server Support, page 31-6
Kerberos Server Support, page 31-6
LDAP Server Support, page 31-7
HTTP Forms Authentication for Clientless SSL VPN, page 31-7
Local Database Support, page 31-7
summarizes the support for each AAA service by each AAA server type, including the local
Summary of AAA Support
Database Type
Local RADIUS
1
Yes
Yes
Yes
Yes
No
5
Yes
TACACS+ SDI (RSA) NT
Yes Yes Yes
Yes Yes Yes
Yes Yes Yes
Yes No No
4
Yes Yes No
No Yes No
Cisco ASA 5500 Series Configuration Guide using ASDM
AAA Server and Local Database Support
Kerberos
Yes Yes
Yes Yes
3
Yes Yes
No No
No No
No No
LDAP HTTP Form
2
Yes Yes
Yes No
Yes No
Yes No
No No
No No
31-3