6-30
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
Understanding AAA Server and Server Group Objects
Supported AAA Server Types, page 6-25
Additional AAA Support on ASA, PIX, and FWSM Devices, page 6-26
Understanding AAA Server and Server Group Objects, page 6-24
Step 1 Select Manage > Policy Objects to open the Policy Object Manager (see Policy Object Manager,
page 6-4).
Step 2 Select AAA Servers from the Object Type selector.
Step 3 Right-click in the work area, then select New Object to open the Add or Edit AAA Server Dialog Box,
page 6-30.
Step 4 Enter a name for the object and optionally a description of the object.
Step 5 Identify the AAA server:
• In the Host field, enter the IP address or, for ASA or PIX 7.2+ devices, the host name of the AAA
server. You can also enter the name of a network/host object that contains the host IP address, or
click Select to select the object.
• Optionally, in the Interfaces field, enter the name of an interface or an interface role (which must
resolve to a single interface name on the device) whose IP address should be used for all outgoing
RADIUS or TACACS+ packets. Do not specify an interface for objects used on an IPS device.
• Optionally, enter the amount of time to wait until a AAA server is considered unresponsive.
Step 6 Select the protocol used by the AAA server and configure protocol-specific properties. You can use
RADIUS with all device types, and TACACS+ with all device types except for IPS devices. You can use
the Kerberos, LDAP, NT, SDI, and HTTP-FORM protocols only with ASA, PIX 7.x+, and FWSM 3.1+
devices.
For details about the properties, see the following topics:
RADIUS—See AAA Server Dialog Box—RADIUS Settings, page 6-32.
TACACS+—See AAA Server Dialog Box—TACACS+ Settings, page 6-35.
Kerberos—See AAA Server Dialog Box—Kerberos Settings, page 6-36.
LDAP—See AAA Server Dialog Box—LDAP Settings, page 6-37.
NT—See AAA Server Dialog Box—NT Settings, page 6-40.
SDI—See AAA Server Dialog Box—SDI Settings, page 6-40.
HTTP-FORM—See AAA Server Dialog Box—HTTP-FORM Settings, page 6-41.
Step 7 (Optional) Under Category, select a category to help you identify this object in the Objects table. See
Using Category Objects, page 6-12.
Step 8 Click OK to save the object.
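The device and protocol constraints stated in Steps 5 and 6 can be checked before an object is assigned to a device. The following Python check is an added example, not part of the Cisco guide or of Security Manager; the dictionary layout, the function names, the device type labels and the sample objects are assumptions made for illustration.

```python
import ipaddress

# Protocols Step 6 restricts to ASA, PIX 7.x+ and FWSM 3.1+ devices.
FIREWALL_ONLY = {"Kerberos", "LDAP", "NT", "SDI", "HTTP-FORM"}
KNOWN = FIREWALL_ONLY | {"RADIUS", "TACACS+"}

def is_firewall(dev_type, version):
    """True for ASA (any version), PIX 7.x+ or FWSM 3.1+."""
    return (dev_type == "ASA"
            or (dev_type == "PIX" and version >= (7, 0))
            or (dev_type == "FWSM" and version >= (3, 1)))

def check_aaa_server(obj, dev_type, version, network_objects=()):
    """Return a list of problems with a AAA server object on one device."""
    problems = []
    proto = obj["protocol"]
    if proto not in KNOWN:
        problems.append(f"unknown protocol {proto}")
    elif proto == "TACACS+" and dev_type == "IPS":
        problems.append("TACACS+ is not available on IPS devices")
    elif proto in FIREWALL_ONLY and not is_firewall(dev_type, version):
        problems.append(f"{proto} requires ASA, PIX 7.x+ or FWSM 3.1+")
    # Step 5: the host is an IP address, a network/host object name, or a
    # host name. Assumption: "ASA or PIX 7.2+" is read as any ASA, or PIX 7.2+.
    host = obj["host"]
    try:
        ipaddress.ip_address(host)
    except ValueError:
        names_ok = dev_type == "ASA" or (dev_type == "PIX" and version >= (7, 2))
        if host not in network_objects and not names_ok:
            problems.append("host name requires ASA or PIX 7.2+; use an IP address")
    # Step 5: no source interface on objects used on an IPS device.
    if obj.get("interface") and dev_type == "IPS":
        problems.append("do not specify an interface on IPS devices")
    return problems

# Constructed sample objects and devices (not taken from the guide).
SAMPLES = [
    ({"name": "rad1", "protocol": "RADIUS", "host": "192.0.2.10",
      "interface": "mgmt"}, "IPS", (7, 0)),
    ({"name": "ldap1", "protocol": "LDAP", "host": "ldap.example.com"},
     "FWSM", (3, 0)),
    ({"name": "tac1", "protocol": "TACACS+", "host": "aaa.example.com"},
     "ASA", (8, 4)),
]

if __name__ == "__main__":
    for obj, dev, ver in SAMPLES:
        print(obj["name"], dev, check_aaa_server(obj, dev, ver) or "ok")
```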
Add or Edit AAA Server Dialog Box
Use the Add or Edit AAA Server dialog box to create, copy, and edit a AAA server object. These objects are
collected into AAA server group objects and identify the AAA servers that you want to use when
defining various AAA policies. In some cases these objects are used directly in a AAA policy.
For a description of the protocols you can use, see Supported AAA Server Types, page 6-25 and
Additional AAA Support on ASA, PIX, and FWSM Devices, page 6-26.