Cisco ASA Series Cli Configuration Manual page 849
Software version 9.0 for the services module
Hide thumbs
Also See for ASA Series:
- Configuration manual (429 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Chapter 1
Configuring AAA Servers and the Local Database
Information About Accounting
Accounting tracks traffic that passes through the ASA, enabling you to have a record of user activity. If
you enable authentication for that traffic, you can account for traffic per user. If you do not authenticate
the traffic, you can account for traffic per IP address. Accounting information includes session start and
stop times, username, the number of bytes that pass through the ASA for the session, the service used,
and the duration of each session.
Summary of Server Support
Table 1-1
database. For more information about support for a specific AAA server type, see the topics following
the table.
Table 1-1
AAA Service
Authentication of...
VPN users
Firewall sessions
Administrators
Authorization of...
VPN users
Firewall sessions
Administrators
Accounting of...
VPN connections
Firewall sessions
Administrators
1. For SSL VPN connections, either PAP or MS-CHAPv2 can be used.
2. HTTP Form protocol supports both authentication and SSO operations for clientless SSL VPN users sessions only.
3. RSA/SDI is supported for ASDM HTTP administrative access with ASA 5500 software version 8.2(1) or later.
4. For firewall sessions, RADIUS authorization is supported with user-specific access lists only, which are received or specified
5. Local command authorization is supported by privilege level only.
6. Command accounting is available for TACACS+ only.
Note
In addition to the native protocol authentication listed in
authentication. For example, the ASA can proxy to an RSA/SDI and/or LDAP server via a RADIUS
server. Authentication via digital certificates and/or digital certificates with the AAA combinations
listed in the table are also supported.
summarizes the support for each AAA service by each AAA server type, including the local
Summary of AAA Support
Database Type
Local
1
Yes
Yes
Yes
Yes
No
5
Yes
No
No
No
in a RADIUS authentication response.
RADIU
TACACS
SDI
S
+
(RSA)
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
No
4
Yes
Yes
No
No
Yes
No
Yes
Yes
No
Yes
Yes
No
6
Yes
Yes
No
Cisco ASA Series CLI Configuration Guide
Information About AAA
NT
Kerberos
Yes
Yes
Yes
Yes
3
Yes
Yes
No
No
No
No
No
No
No
No
No
No
No
No
Table
1-1, the ASA supports proxying
LDA
HTTP
P
Form
2
Yes
Yes
Yes
No
Yes
No
Yes
No
No
No
No
No
No
No
No
No
No
No
1-3
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
