Cisco Systems OL-12180-01 manual Identifying AAA Server Groups and Servers, 12-12


Chapter 12 Configuring AAA Servers and User Accounts

Identifying AAA Server Groups and Servers

Subnet Mask list—Specifies the subnet mask for the Dedicated IP address.

Check the Group Lock check box to restrict users to remote access through this group only. Group Lock restricts users by checking if the group configured in the VPN client is the same as the user’s assigned group. If it is not, the VPN Concentrator prevents the user from connecting.

If this box is unchecked (the default), the system authenticates a user without regard to the user’s assigned group.

Modes

The following table shows the modes in which this feature is available:

Firewall Mode              Security Context
Routed    Transparent      Single    Multiple
                                     Context    System
[The per-column support marks of this table did not survive extraction; only the column headings are recoverable.]

Identifying AAA Server Groups and Servers

If you want to use an external AAA server for authentication, authorization, or accounting, you must first create at least one AAA server group per AAA protocol and add one or more servers to each group. You identify AAA server groups by name. Each server group is specific to one type of server: Kerberos, LDAP, NT, RADIUS, SDI, or TACACS+.

The security appliance contacts the first server in the group. If that server is unavailable, the security appliance contacts the next server in the group, if configured. If all servers in the group are unavailable, the security appliance tries the local database if you configured it as a fallback method (management authentication and authorization only). If you do not have a fallback method, the security appliance continues to try the AAA servers.

This section includes the following topics:

AAA Server Groups, page 12-12

Add/Edit AAA Server Group, page 12-14

Edit AAA Local Server Group, page 12-15

Add/Edit AAA Server, page 12-15

Test AAA Server, page 12-19

AAA Server Groups

The AAA Server Groups pane lets you:

Configure AAA server groups and the protocols the security appliance uses to communicate with the servers listed in each group.

Configure and add individual servers to AAA server groups.

You can have up to 15 groups in single-mode or 4 groups in multi-mode. Each group can have up to 16 servers in single mode or 4 servers in multi-mode. When a user logs in, the servers are accessed one at a time, starting with the first server you specify, until a server responds.
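As an added illustration (not part of the ASDM User Guide and not the security appliance's own code), the following Python simulates the server-selection order and the group and server limits described above: servers are tried one at a time in configured order, an unavailable server is skipped, the first server that responds decides, and the local database is consulted only when every server is unavailable, a fallback is configured, and the request is a management authentication or authorization. The server objects, their availability flags, the user names, and the `local_fallback` and `management` flags are constructed assumptions for the demonstration.

```python
"""Constructed simulation of AAA server-group selection order and limits.

Not ASA/ASDM code: the server objects, availability flags and user names
below are assumptions made for the example.
"""
from dataclasses import dataclass, field

# Limits stated in the guide: groups per appliance and servers per group.
MAX_GROUPS = {"single": 15, "multi": 4}
MAX_SERVERS_PER_GROUP = {"single": 16, "multi": 4}
# Each group is specific to one server type.
PROTOCOLS = {"kerberos", "ldap", "nt", "radius", "sdi", "tacacs+"}


@dataclass
class AAAServer:
    host: str
    available: bool = True           # constructed: does the server answer at all?
    accepts: frozenset = frozenset() # constructed: users it would authenticate


@dataclass
class AAAServerGroup:
    name: str
    protocol: str
    mode: str = "single"             # "single" or "multi" (security context mode)
    servers: list = field(default_factory=list)

    def __post_init__(self):
        if self.protocol not in PROTOCOLS:
            raise ValueError(f"unknown AAA protocol {self.protocol!r}")
        if self.mode not in MAX_SERVERS_PER_GROUP:
            raise ValueError(f"unknown mode {self.mode!r}")

    def add_server(self, server: AAAServer) -> None:
        # 16 servers per group in single mode, 4 in multi mode.
        limit = MAX_SERVERS_PER_GROUP[self.mode]
        if len(self.servers) >= limit:
            raise ValueError(
                f"group {self.name!r} already holds the maximum of {limit} servers "
                f"for {self.mode} mode")
        self.servers.append(server)


class AAAConfig:
    """Holds the named server groups of one appliance (constructed helper)."""

    def __init__(self, mode: str = "single"):
        self.mode = mode
        self.groups: dict = {}

    def add_group(self, group: AAAServerGroup) -> None:
        # 15 groups in single mode, 4 in multi mode.
        if len(self.groups) >= MAX_GROUPS[self.mode]:
            raise ValueError(
                f"maximum of {MAX_GROUPS[self.mode]} groups reached for {self.mode} mode")
        self.groups[group.name] = group


def authenticate(group: AAAServerGroup, user: str, local_users: set,
                 management: bool = False, local_fallback: bool = False):
    """Walk the group's servers in configured order, one at a time.

    Returns (result, decided_by). result is 'accept', 'reject', or
    'no-response' when every server is unavailable and no fallback applies
    (the appliance would then keep trying the AAA servers).
    """
    for server in group.servers:
        if not server.available:
            continue                              # skip to the next configured server
        verdict = "accept" if user in server.accepts else "reject"
        return verdict, server.host               # first responding server decides
    # All servers unavailable: local database only for management AAA with fallback.
    if management and local_fallback:
        return ("accept" if user in local_users else "reject"), "LOCAL"
    return "no-response", None


def demo():
    """Constructed scenario: first RADIUS server is down, second answers."""
    cfg = AAAConfig(mode="single")
    grp = AAAServerGroup("CorpRADIUS", "radius")
    grp.add_server(AAAServer("radius1.example.test", available=False))
    grp.add_server(AAAServer("radius2.example.test", accepts=frozenset({"alice"})))
    cfg.add_group(grp)
    return authenticate(grp, "alice", local_users={"admin"})


if __name__ == "__main__":
    print(demo())
```

The simulation makes the guide's distinction visible: with `management=False` an outage of every server yields `no-response` even when a fallback is configured, whereas the same outage on a management login with `local_fallback=True` is decided by the local database.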

 

ASDM User Guide

12-12

OL-12180-01
