Configuring An External Radius Server - Cisco FirePOWER ASA 5500 series Configuration Manual

Step 4  Specify a secure LDAP connection as follows:

hostname(config-aaa-server-host)# ldap-over-ssl enable
hostname(config-aaa-server-host)#

Step 5  Create an aaa-server record to configure the LDAP authorization server and use the ldap-base-dn to specify the search location for the Cisco cVPN3000-User-Authorization records as shown in the following example commands:

hostname(config-aaa-server-host)# aaa-server ldap-authorize protocol ldap
hostname(config-aaa-server-host)# aaa-server ldap-authorize host 10.1.1.4
hostname(config-aaa-server-host)# ldap-base-dn ou=Franklin-Altiga,dc=frdevtestad,dc=local
hostname(config-aaa-server-host)# ldap-scope subtree
hostname(config-aaa-server-host)# ldap-naming-attribute cn
hostname(config-aaa-server-host)# ldap-login-password anypassword
hostname(config-aaa-server-host)# ldap-login-dn cn=Administrator,cn=Users,dc=frdevtestad,dc=local
hostname(config-aaa-server-host)#

Step 6  Create an external group policy that associates the group-name with the LDAP authorization server. In this example, the user is assigned to the group Engineering as shown in the following command:

hostname(config-aaa-server-host)# group-policy engineering external server-group ldap-authorize
hostname(config-aaa-server-host)#

Step 7  Create a tunnel group that specifies LDAP authentication as shown in the following example commands:

hostname(config)# tunnel-group ipsec-tunnelgroup type ipsec-ra
hostname(config)# tunnel-group ipsec-tunnelgroup general-attributes
hostname(config-tunnel-general)# authentication-server-group ldap-authenticate
hostname(config-tunnel-general)#
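
The following Python script is an added audit example, not part of this guide: it parses a constructed show running-config excerpt and flags every LDAP aaa-server host that lacks the ldap-over-ssl enable setting from Step 4, since without it the ldap-login-dn bind credentials and user passwords cross the network unencrypted. It assumes the usual running-config layout (a group protocol line, a host line with an optional interface in parentheses, then indented host attributes); the host names, addresses and DNs in the sample are constructed.

```python
"""Audit an ASA running-config: every LDAP aaa-server host should have ldap-over-ssl enabled."""
import re

# Constructed running-config excerpt (not taken from the manual): the
# authentication group uses ldap-over-ssl, the authorization group does not.
SAMPLE_CONFIG = """\
aaa-server ldap-authenticate protocol ldap
aaa-server ldap-authenticate (inside) host 10.1.1.3
 ldap-base-dn dc=frdevtestad,dc=local
 ldap-scope subtree
 ldap-naming-attribute cn
 ldap-over-ssl enable
aaa-server ldap-authorize protocol ldap
aaa-server ldap-authorize (inside) host 10.1.1.4
 ldap-base-dn ou=Franklin-Altiga,dc=frdevtestad,dc=local
 ldap-scope subtree
 ldap-naming-attribute cn
aaa-server rad protocol radius
aaa-server rad (inside) host 10.1.1.5
 key *****
"""

GROUP_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)$")
HOST_RE = re.compile(r"^aaa-server (\S+)(?: \(\S+\))? host (\S+)$")


def parse_aaa_hosts(config):
    """Return [(group, protocol, host, {attr: value})] for each aaa-server host."""
    protocols, hosts = {}, []
    for raw in config.splitlines():
        m = GROUP_RE.match(raw)
        if m:
            protocols[m.group(1)] = m.group(2)
            continue
        m = HOST_RE.match(raw)
        if m:
            group, host = m.groups()
            hosts.append((group, protocols.get(group, "unknown"), host, {}))
            continue
        if raw.startswith(" ") and hosts:
            # Indented lines are attributes of the most recent host block.
            key, _, value = raw.strip().partition(" ")
            hosts[-1][3][key] = value
    return hosts


def ldap_hosts_without_ssl(config):
    """LDAP hosts whose bind credentials would cross the network unencrypted."""
    return [(g, h) for g, proto, h, attrs in parse_aaa_hosts(config)
            if proto == "ldap" and attrs.get("ldap-over-ssl") != "enable"]
```

Run it against the output of show running-config aaa-server on a real appliance; an empty list means every LDAP host is configured as in Step 4.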
Configuring an External RADIUS Server

This section presents an overview of the RADIUS configuration procedure and defines the Cisco RADIUS attributes. It includes the following topics:

Reviewing the RADIUS Configuration Procedure
Security Appliance RADIUS Authorization Attributes

Reviewing the RADIUS Configuration Procedure

This section describes the RADIUS configuration steps required to support authentication and authorization of the security appliance users. Follow the steps below to set up the RADIUS server to interoperate with the security appliance.

Step 1  Load the security appliance attributes into the RADIUS server. The method you use to load the attributes depends on which type of RADIUS server you are using:

If you are using Cisco ACS: the server already has these attributes integrated. You can skip this step.

If you are using a FUNK RADIUS server: Cisco supplies a dictionary file that contains all the security appliance attributes. Obtain this dictionary file, cisco3k.dct, from Software Center on CCO or from the security appliance CD-ROM. Load the dictionary file on your server.

Appendix E  Configuring an External Server for Authorization and Authentication
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01  E-24