Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 31 Configuring AAA Servers and the Local Database
About Accounting
Accounting tracks traffic that passes through the adaptive security appliance, enabling you to have a
record of user activity. If you enable authentication for that traffic, you can account for traffic per user.
If you do not authenticate the traffic, you can account for traffic per IP address. Accounting information
includes session start and stop times, username, the number of bytes that pass through the adaptive
security appliance for the session, the service used, and the duration of each session.
AAA Server and Local Database Support
The adaptive security appliance supports a variety of AAA server types and a local database that is stored
on the adaptive security appliance. This section describes support for each AAA server type and the local
database, and includes the following topics:
• Summary of Support
• RADIUS Server Support
• TACACS+ Server Support
• RSA/SDI Server Support
• NT Server Support
• Kerberos Server Support
• LDAP Server Support
• HTTP Forms Authentication for Clientless SSL VPN
• Local Database Support
Summary of Support
Table 31-1 summarizes the support for each AAA service by each AAA server type, including the local
database. For more information about support for a specific AAA server type, see the topics following
the table.
Table 31-1 Summary of AAA Support

                        Database Type
AAA Service             Local    RADIUS   TACACS+  SDI (RSA)  NT       Kerberos  LDAP     HTTP Form
Authentication of...
  VPN users [1]         Yes      Yes      Yes      Yes        Yes      Yes       Yes      Yes [2]
  Firewall sessions     Yes      Yes      Yes      Yes        Yes      Yes       Yes      No
  Administrators        Yes      Yes      Yes      Yes [3]    Yes      Yes       Yes      No
Authorization of...
  VPN users             Yes      Yes      No       No         No       No        Yes      No
  Firewall sessions     No       Yes [4]  Yes      No         No       No        No       No
  Administrators        Yes [5]  No       Yes      No         No       No        No       No
Accounting of...