
Cisco Asdm 7 User Guide

Here you can view all the pages of manual Cisco Asdm 7 User Guide. The Cisco manuals for Computer Equipment are available online for free. You can easily download all the documents as PDF.

Page 251

 
8-11
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 8      Configuring AAA Rules for Network Access
  Configuring Authentication for Network Access
that requires authentication is allowed through. If you do not want to allow HTTP, Telnet, or FTP traffic 
through the ASA, but want to authenticate other types of traffic, you can configure virtual Telnet; the 
user Telnets to a given IP address configured on the ASA, and the ASA issues a Telnet prompt.
When an unauthenticated user connects...

Page 252

 
Configuring Authorization for Network Access
After a user authenticates for a given connection, the ASA can use authorization to further control traffic 
from the user.
This section includes the following topics:
Configuring TACACS+ Authorization, page 8-12
Configuring RADIUS Authorization, page 8-13
Configuring TACACS+ Authorization
You can...

Page 253

 
Step 8 In the Service field, enter an IP service name or number for the destination service, or click the ellipsis (...) to choose a service.
Step 9 (Optional) In the Description field, enter a description.
Step 10 (Optional) Click More Options to do any of the following:
To specify a source service for TCP or UDP, enter a TCP or UDP service in...

Page 254

 
Configuring a RADIUS Server to Send Downloadable Access Control Lists
This section describes how to configure Cisco Secure ACS or a third-party RADIUS server and includes 
the following topics:
About the Downloadable ACL Feature and Cisco Secure ACS, page 8-14
Configuring Cisco Secure ACS for Downloadable ACLs, page 8-15
Configuring Any RADIUS...

Page 255

 
4. After receipt of a RADIUS authentication request that has a username attribute that includes the
name of a downloadable ACL, Cisco Secure ACS authenticates the request by checking the 
Message-Authenticator attribute. If the Message-Authenticator attribute is missing or incorrect, 
Cisco Secure ACS ignores the request. The presence of the...

Page 256

 
| permit udp any host 10.0.0.253             |
| permit icmp any host 10.0.0.253            |
| permit tcp any host 10.0.0.252             |
| permit udp any host 10.0.0.252             |
| permit icmp any host 10.0.0.252            |
| permit ip any any                          |
+--------------------------------------------+
For more...

Page 257

 
  Configuring Accounting for Network Access
The username argument is the name of the user that is being authenticated.
The downloaded ACL on the ASA consists of the following lines. Notice the order based on the numbers 
identified on the RADIUS server.
access-list AAA-user-bcham34-79AD4A08 permit tcp 10.1.0.0 255.0.0.0 10.0.0.0 255.0.0.0
access-list AAA-user-bcham34-79AD4A08 permit udp...

Page 258

 
accounting information by IP address. Accounting information includes session start and stop times, 
username, the number of bytes that pass through the ASA for the session, the service used, and the 
duration of each session.
To configure accounting, perform the following steps:
Step 1 If you want the ASA to provide accounting data per user, you...

Page 259

 
  Using MAC Addresses to Exempt Traffic from Authentication and Authorization
of these users, you can enable AAA to allow only authenticated and/or authorized users to connect 
through the ASA. (The Telnet server enforces authentication, too; the ASA prevents unauthorized users 
from attempting to access the server.)
Using MAC Addresses to Exempt Traffic from Authentication 
and...

Page 260

 
Feature History for AAA Rules
Table 8-1 lists each feature change and the platform release in which it was implemented. ASDM is
backwards-compatible with multiple platform releases, so the specific ASDM release in which support 
was added is not listed.
Table 8-1 Feature History for AAA Rules
Feature Name | Platform Releases | Feature Information
AAA Rules...