12-12
ASDM User Guide
OL-12180-01
Chapter 12 Configuring AAA Servers and User Accounts
Identifying AAA Server Groups and Servers
Subnet Mask list—Specifies the subnet mask for the Dedicated IP address.
Check the Group Lock check box to restrict users to remote access through this group only. Group Lock
restricts users by checking if the group configured in the VPN client is the same as the user’s assigned
group. If it is not, the VPN Concentrator prevents the user from connecting.
If this box is unchecked (the default), the system authenticates a user without regard to the user’s
assigned group.
Modes
The following table shows the modes in which this feature is available:
Identifying AAA Server Groups and Servers
If you want to use an external AAA server for authentication, authorization, or accounting, you must first
create at least one AAA server group per AAA protocol and add one or more servers to each group. You
identify AAA server groups by name. Each server group is specific to one type of server: Kerberos,
LDAP, NT, RADIUS, SDI, or TACACS+.
The security appliance contacts the first server in the group. If that server is unavailable, the security
appliance contacts the next server in the group, if configured. If all servers in the group are unavailable,
the security appliance tries the local database if you configured it as a fallback method (management
authentication and authorization only). If you do not have a fallback method, the security appliance
continues to try the AAA servers.
This section includes the following topics:
AAA Server Groups, page 12-12
Add/Edit AAA Server Group, page 12-14
Edit AAA Local Server Group, page 12-15
Add/Edit AAA Server, page 12-15
Test AAA Server, page 12-19

AAA Server Groups

The AAA Server Groups pane lets you:
Configure AAA server groups and the protocols the security appliance uses to communicate with
the servers listed in each group.
Configure and add individual servers to AAA server groups.
You can have up to 15 groups in single-mode or 4 groups in multi-mode. Each group can have up to 16
servers in single mode or 4 servers in multi-mode. When a user logs in, the servers are accessed one at
a time, starting with the first server you specify, until a server responds.
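The following audit sketch is an added example, not part of the ASDM User Guide. It checks an exported configuration against the group and server limits above and against the failover behavior described under Identifying AAA Server Groups and Servers. It assumes the security appliance's CLI forms `aaa-server` and `aaa authentication ... console`, which this page does not show; the group names and addresses are constructed.

```python
import re

# Limits stated in the guide: (max groups, max servers per group).
LIMITS = {"single": (15, 16), "multiple": (4, 4)}

# Constructed sample config (illustrative names, RFC 5737 addresses).
SAMPLE_CONFIG = """\
aaa-server RAD_MGMT protocol radius
aaa-server RAD_MGMT (inside) host 192.0.2.10
aaa-server RAD_MGMT (inside) host 192.0.2.11
aaa-server TAC_ADMIN protocol tacacs+
aaa-server TAC_ADMIN (inside) host 192.0.2.20
aaa authentication ssh console RAD_MGMT LOCAL
aaa authentication http console TAC_ADMIN
"""

GROUP_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)", re.M)
HOST_RE = re.compile(r"^aaa-server (\S+) \(\S+\) host (\S+)", re.M)
AUTH_RE = re.compile(r"^aaa authentication (\S+) console (\S+)( LOCAL)?\s*$", re.M)

def audit(config, mode="single"):
    """Return findings about limits, server redundancy and local fallback."""
    max_groups, max_servers = LIMITS[mode]
    groups = {name: [] for name, _ in GROUP_RE.findall(config)}
    for name, host in HOST_RE.findall(config):
        groups.setdefault(name, []).append(host)
    findings = []
    if len(groups) > max_groups:
        findings.append(f"{len(groups)} groups exceeds the {mode}-mode limit of {max_groups}")
    for name, hosts in groups.items():
        if len(hosts) > max_servers:
            findings.append(f"{name}: {len(hosts)} servers exceeds limit of {max_servers}")
        if len(hosts) == 1:
            # Only one server: there is no next server to contact on failure.
            findings.append(f"{name}: single server, no next server to try")
    for service, name, local in AUTH_RE.findall(config):
        # Without a fallback the appliance keeps retrying the AAA servers.
        if name in groups and not local:
            findings.append(f"{name}: {service} management auth has no LOCAL fallback")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG):
        print(line)
```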
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
••••