Chapter 4 Remote Access VPN Services

Adding AAA Server Devices to Your Repository

Table 4-1 Create AAA Server Fields

| Field Name | Type | Instructions |
|---|---|---|
| Name | text box | Enter a name for the AAA server. |
| Owner | Select button | Specify whether the policy is global by clicking Global, or customer owned by clicking Customer. If you select Customer, you are required to specify the owner. Choose the customer with which you want to associate the AAA server. To do this, click Customer > Select. The Customer for IPsec Policy dialog box appears. Click the button next to the customer you want to select and click Select (to choose that customer), or click Cancel to exit the dialog box without saving changes. Both return you to the main page. |
| IP Address | text box | Enter the IP address of the AAA server. |
| Server Type | drop-down list | Click the drop-down list and select the type of the AAA server. The type can be RADIUS, NTDOMAIN, SDI, or TACACS+. The NTDOMAIN and SDI options are supported for the VPN 3000 only. |
| Server Role | drop-down list | Click the drop-down list and select the server role for this AAA server: AUTHENTICATION – Use as an authentication server only. ACCOUNTING – Use as an accounting server only. BOTH – Use as an authentication and accounting server. |
| Port | text box | Enter the authentication port number if the AAA server acts as an authentication server. The default authentication port is 1645 for a RADIUS server. |
| Accounting Server Port | text box | Enter the accounting port number if the AAA server acts as an accounting server. The default accounting port is 1646 for a RADIUS server. |
| Timeout | text box | Enter the timeout in seconds for how long to wait after sending a query to the server and receiving no response before trying again. The default is 4 seconds. |
| Retries | text box | Enter the number of times to retry sending a query to the server after the timeout period. The default is 2. |
| Secret | text box | Enter the AAA server secret (also called the shared secret). The field displays only asterisks. |
| Verify Secret | text box | Retype the AAA server secret. It must match what you entered in the Secret field exactly. |

Step 4  Click Save when done. The AAA Servers page appears with the newly created AAA server displayed in the AAA server list, as shown in Figure 4-4.

Cisco IP Solution Center Integrated VPN Management Suite Security User Guide, 3.2

4-4

OL-5532-02

 

 
