Using Certificates And User Login Credentials; Using User Login Credentials - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line

Chapter 13
Configuring AAA Servers and the Local Database
hostname(config-aaa-server-host)# exit
hostname(config)# aaa-server AuthInbound (inside) host 10.1.1.2
hostname(config-aaa-server-host)# key TACPlusUauthKey2
hostname(config-aaa-server-host)# exit
hostname(config)# aaa-server AuthOutbound protocol radius
hostname(config-aaa-server-group)# exit
hostname(config)# aaa-server AuthOutbound (inside) host 10.1.1.3
hostname(config-aaa-server-host)# key RadUauthKey
hostname(config-aaa-server-host)# exit
hostname(config)# aaa-server NTAuth protocol nt
hostname(config-aaa-server-group)# exit
hostname(config)# aaa-server NTAuth (inside) host 10.1.1.4
hostname(config-aaa-server-host)# nt-auth-domain-controller primary1
hostname(config-aaa-server-host)# exit
Example 13-2 shows commands that configure a Kerberos AAA server group named watchdogs, add an
AAA server to the group, and define the Kerberos realm for the server. Because Example 13-2 does not
define a retry interval or the port that the Kerberos server listens to, the security appliance uses the
default values for these two server-specific parameters. Table 13-2 lists the default values for all AAA
server host mode commands.

Note: Kerberos realm names use numbers and upper-case letters only. Although the security appliance accepts
lower-case letters for a realm name, it does not translate lower-case letters to upper-case letters. Be sure
to use upper-case letters only.

Example 13-2 Kerberos Server Group and Server
hostname(config)# aaa-server watchdogs protocol kerberos
hostname(config-aaa-server-group)# aaa-server watchdogs host 192.168.3.4
hostname(config-aaa-server-host)# kerberos-realm EXAMPLE.COM
hostname(config-aaa-server-host)# exit
hostname(config)#
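
The upper-case rule from the note before Example 13-2, as an added check that is not part of the Cisco manual: a Python linter that reads AAA configuration text (saved configuration or a pasted CLI transcript) and reports every kerberos-realm value that contains lower-case letters. The group kdc2, the host 10.1.1.5 and the indented saved-configuration layout are assumptions constructed for illustration.

```python
import re

# Constructed sample in saved-configuration style (assumed layout: host
# sub-commands indented under their "aaa-server ... host" line).
SAMPLE_CONFIG = """\
aaa-server watchdogs protocol kerberos
aaa-server watchdogs host 192.168.3.4
 kerberos-realm EXAMPLE.COM
aaa-server kdc2 protocol kerberos
aaa-server kdc2 (inside) host 10.1.1.5
 kerberos-realm example.com
"""

PROMPT_RE = re.compile(r"^\S+\(config[^)]*\)#\s*")   # "hostname(config-...)# "
HOST_RE = re.compile(r"^aaa-server\s+(\S+)\s+(?:\(\S+\)\s+)?host\s+(\S+)")
REALM_RE = re.compile(r"^kerberos-realm\s+(\S+)")

def lint_kerberos_realms(config_text):
    """Return (line_no, group, host, realm) for each realm with lower-case letters."""
    current = None      # (group, host) whose host-mode commands are being read
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = PROMPT_RE.sub("", raw.strip())   # accept pasted CLI transcripts too
        if line.startswith("aaa-server"):
            m = HOST_RE.match(line)
            current = (m.group(1), m.group(2)) if m else None
            continue
        m = REALM_RE.match(line)
        if m and current and m.group(1) != m.group(1).upper():
            # Per the note: the appliance accepts the name but does not upper-case it.
            findings.append((line_no, *current, m.group(1)))
    return findings

if __name__ == "__main__":
    for line_no, group, host, realm in lint_kerberos_realms(SAMPLE_CONFIG):
        print(f"line {line_no}: group {group} host {host}: "
              f"realm '{realm}' should be '{realm.upper()}'")
```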

Using Certificates and User Login Credentials

The following section describes the different methods of using certificates and user login credentials
(username and password) for authentication and authorization. This applies to both IPSec and WebVPN.
In all cases, LDAP authorization does not use the password as a credential. RADIUS authorization uses
either a common password for all users or the username as a password.

Using User Login Credentials

The default method for authentication and authorization uses the user login credentials.

Authentication
  - Enabled by authentication server group setting
  - Uses the username and password as credentials
Authorization
  - Enabled by authorization server group setting
  - Uses the username as a credential

Cisco Security Appliance Command Line Configuration Guide, OL-10088-01, page 13-15

This manual is also suitable for:

PIX 500 series, Cisco ASA 5500 series