B-39
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Appendix B Configuring an External Server for Authorization and Authentication
Configuring an External TACACS+ Server
The adaptive security appliance provides support for TACACS+ attributes. TACACS+ separates the
functions of authentication, authorization, and accounting. The protocol supports two types of attributes:
mandatory and optional. Both the server and client must understand a mandatory attribute, and the
mandatory attribute must be applied to the user. An optional attribute may or may not be understood or
used.
Note: To use TACACS+ attributes, make sure you have enabled AAA services on the NAS.
Table B-9 lists supported TACACS+ authorization response attributes for cut-through-proxy
connections. Table B-10 lists supported TACACS+ accounting attributes.
Table B-8 Security Appliance Supported IETF RADIUS Attributes and Values

| Attribute Name | VPN 3000 | ASA | PIX | Attr. # | Syntax/Type | Single or Multi-valued | Description or Value |
|---|---|---|---|---|---|---|---|
| IETF-Radius-Idle-Timeout | Y | Y | Y | 28 | Integer | Single | seconds |
| IETF-Radius-Service-Type | Y | Y | Y | 6 | Integer | Single | seconds. Possible Service Type values: Administrative (user is allowed access to configure prompt); NAS-Prompt (user is allowed access to exec prompt); remote-access (user is allowed network access) |
| IETF-Radius-Session-Timeout | Y | Y | Y | 27 | Integer | Single | seconds |
Table B-9 Supported TACACS+ Authorization Response Attributes

| Attribute | Description |
|---|---|
| acl | Identifies a locally configured access list to be applied to the connection. |
| idletime | Indicates the amount of inactivity in minutes that is allowed before the authenticated user session is terminated. |
| timeout | Specifies the absolute amount of time in minutes that authentication credentials remain active before the authenticated user session is terminated. |
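The following Python is an added example, not code from the Cisco guide: it models how a client applies the mandatory/optional rule described above to the Table B-9 authorization response attributes (acl, idletime, timeout). It assumes the TACACS+ AV-pair syntax, where "attr=value" marks a mandatory pair and "attr*value" an optional one, and the sample responses are constructed.

```python
# Added example (not from the Cisco guide). Parses the attribute-value pairs a
# TACACS+ server returns in an authorization reply and applies the rule from
# the text: a mandatory attribute the client does not understand must fail the
# authorization, while an unknown optional attribute is simply ignored.
# Assumption: "=" separates a mandatory pair, "*" an optional pair (TACACS+).
from dataclasses import dataclass, field

# Authorization response attributes the guide lists in Table B-9.
SUPPORTED_AUTHZ_ATTRS = {"acl", "idletime", "timeout"}
# Attributes whose value the guide defines as a number of minutes.
MINUTE_ATTRS = {"idletime", "timeout"}


@dataclass
class AuthzDecision:
    permitted: bool
    applied: dict = field(default_factory=dict)   # attribute -> value to enforce
    ignored: list = field(default_factory=list)   # optional attrs not understood
    reason: str = ""                              # why authorization failed


def parse_av_pair(av):
    """Split one AV pair at its first separator; return (name, value, mandatory)."""
    for i, ch in enumerate(av):
        if ch in "=*":
            return av[:i], av[i + 1:], ch == "="
    raise ValueError(f"malformed AV pair: {av!r}")


def apply_authorization(av_pairs):
    """Decide whether the reply can be honoured and which attributes to apply."""
    decision = AuthzDecision(permitted=True)
    for av in av_pairs:
        name, value, mandatory = parse_av_pair(av)
        if name in SUPPORTED_AUTHZ_ATTRS:
            if name in MINUTE_ATTRS:
                if not value.isdigit():
                    decision.permitted = False
                    decision.reason = f"{name} must be an integer number of minutes"
                    return decision
                decision.applied[name] = int(value)
            else:
                decision.applied[name] = value
        elif mandatory:
            # The server insists on an attribute this client cannot enforce.
            decision.permitted = False
            decision.reason = f"unsupported mandatory attribute {name!r}"
            return decision
        else:
            decision.ignored.append(name)
    return decision
```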
Table B-10 Supported TACACS+ Accounting Attributes

| Attribute | Description |
|---|---|
| bytes_in | Specifies the number of input bytes transferred during this connection (stop records only). |
| bytes_out | Specifies the number of output bytes transferred during this connection (stop records only). |
| cmd | Defines the command executed (command accounting only). |
| disc-cause | Indicates the numeric code that identifies the reason for disconnecting (stop records only). |