Cisco ASA 5505 Configuration Manual page 1762


Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01
Appendix B: Configuring an External Server for Authorization and Authentication, page B-30

Configuring an External RADIUS Server

This section presents an overview of the RADIUS configuration procedure and defines the Cisco RADIUS attributes. It includes the following topics:

- Reviewing the RADIUS Configuration Procedure, page B-30
- Security Appliance RADIUS Authorization Attributes, page B-30
- Security Appliance IETF RADIUS Authorization Attributes, page B-38

Reviewing the RADIUS Configuration Procedure

This section describes the RADIUS configuration steps required to support authentication and authorization of the adaptive security appliance users. Follow these steps to set up the RADIUS server to interoperate with the adaptive security appliance.

Step 1  Load the adaptive security appliance attributes into the RADIUS server. The method you use to load the attributes depends on which type of RADIUS server you are using:

  - If you are using Cisco ACS: the server already has these attributes integrated. You can skip this step.
  - If you are using a FUNK RADIUS server: Cisco supplies a dictionary file that contains all the adaptive security appliance attributes. Obtain this dictionary file, cisco3k.dct, from Software Center on CCO or from the adaptive security appliance CD-ROM. Load the dictionary file on your server.
  - For other vendors' RADIUS servers (for example, Microsoft Internet Authentication Service): you must manually define each adaptive security appliance attribute. To define an attribute, use the attribute name or number, type, value, and vendor code (3076). For a list of adaptive security appliance RADIUS authorization attributes and values, see Table B-7.

Step 2  Set up the users or groups with the permissions and attributes to send during IPSec or SSL tunnel establishment.

Security Appliance RADIUS Authorization Attributes

Authorization refers to the process of enforcing permissions or attributes. A RADIUS server defined as an authentication server enforces permissions or attributes if they are configured.

Table B-7 lists all the possible adaptive security appliance supported RADIUS attributes that can be used for user authorization.

Note  RADIUS attribute names do not contain the cVPN3000 prefix. Cisco Secure ACS 4.x supports this new nomenclature, but attribute names in pre-4.0 ACS releases still include the cVPN3000 prefix. The appliances enforce the RADIUS attributes based on attribute numeric ID, not attribute name. LDAP attributes are enforced by their name, not by the ID.
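The vendor code (3076) and the note that the appliance enforces attributes by numeric ID both follow from how a RADIUS Vendor-Specific attribute (type 26, RFC 2865) is laid out on the wire: only the vendor ID and the attribute number are sent, never the name. The Python below is an added example, not part of the Cisco guide; the two dictionary names and the attribute ID 2 are assumptions for illustration, so take real IDs and types from Table B-7.

```python
import struct

CISCO_VPN3000_VENDOR = 3076   # vendor code given in the manual
VSA_TYPE = 26                 # RADIUS Vendor-Specific attribute (RFC 2865, 5.26)

# Hypothetical dictionary entries: old and new names for one numeric ID.
# The ID (2) is an assumption for illustration; take real IDs from Table B-7.
DICTIONARY = {"Simultaneous-Logins": 2, "cVPN3000-Simultaneous-Logins": 2}


def encode_vsa(name, value, vendor=CISCO_VPN3000_VENDOR):
    """Encode one integer-typed vendor attribute as a type-26 RADIUS attribute."""
    sub = struct.pack("!BBI", DICTIONARY[name], 6, value)  # vendor type, length, int
    return struct.pack("!BBI", VSA_TYPE, 6 + len(sub), vendor) + sub


def parse_vsas(attrs, vendor=CISCO_VPN3000_VENDOR):
    """Return [(vendor_type, raw_value)] for every sub-attribute of `vendor`."""
    found, pos = [], 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("bad attribute length")
        body = attrs[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VSA_TYPE:
            continue                      # standard attribute, e.g. User-Name
        if len(body) < 4:
            raise ValueError("VSA too short for Vendor-Id")
        if struct.unpack("!I", body[:4])[0] != vendor:
            continue                      # another vendor's attribute space
        sub, i = body[4:], 0
        while i < len(sub):
            if len(sub) - i < 2 or sub[i + 1] < 2 or i + sub[i + 1] > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            found.append((sub[i], sub[i + 2:i + sub[i + 1]]))
            i += sub[i + 1]
    return found
```

Both dictionary names encode to the same bytes, which is why a server using the pre-4.0 cVPN3000 names still interoperates, while a manually defined attribute with the wrong number or vendor code is not recognised as the intended attribute regardless of what it is called.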
