
Cisco 5510 - ASA SSL / IPsec VPN Edition Configuration Guide

1822 pages
31-5
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 31 Configuring AAA Servers and the Local Database
AAA Server and Local Database Support
If you use double authentication and enable password management in the tunnel group, then the primary
and secondary authentication requests include MS-CHAPv2 request attributes. If a RADIUS server does
not support MS-CHAPv2, then you can configure that server to send a non-MS-CHAPv2 authentication
request by using the no mschapv2-capable command.
Attribute Support
The adaptive security appliance supports the following sets of RADIUS attributes:
• Authentication attributes defined in RFC 2138.
• Accounting attributes defined in RFC 2139.
• RADIUS attributes for tunneled protocol support, defined in RFC 2868.
• Cisco IOS VSAs, identified by RADIUS vendor ID 9.
• Cisco VPN-related VSAs, identified by RADIUS vendor ID 3076.
• Microsoft VSAs, defined in RFC 2548.
• Cisco VSA (Cisco-Priv-Level), which provides a standard 0-15 numeric ranking of privileges, with
1 being the lowest level and 15 being the highest level. A zero level indicates no privileges. The first
level (login) allows privileged EXEC access for the commands available at this level. The second
level (enable) allows CLI configuration privileges.
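The vendor IDs listed above are what distinguish one VSA set from another on the wire. The following Python parser is an added example, not part of the Cisco guide: it walks the attributes of a RADIUS packet, unpacks each Vendor-Specific attribute (type 26) and labels it by vendor ID, rejecting malformed lengths. The sample packet, its sub-attribute numbers and its values are constructed; the Microsoft vendor ID 311 comes from RFC 2548, not from this page.

```python
import struct

# Vendor IDs 9 and 3076 are named on this page; 311 is the Microsoft
# vendor ID used by RFC 2548.
VENDORS = {9: "Cisco IOS", 3076: "Cisco VPN", 311: "Microsoft"}
VENDOR_SPECIFIC = 26  # RADIUS attribute type that carries a VSA

def split_tlvs(buf, what):
    """Split type/length/value records; the length octet counts its 2-byte header."""
    out, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated %s header" % what)
        t, n = buf[pos], buf[pos + 1]
        if n < 2 or pos + n > len(buf):
            raise ValueError("bad %s length" % what)
        out.append((t, buf[pos + 2:pos + n]))
        pos += n
    return out

def list_vsas(packet):
    """Return (vendor, vendor_type, data) for each VSA sub-attribute in a packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    (length,) = struct.unpack("!H", packet[2:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad packet length field")
    found = []
    for a_type, value in split_tlvs(packet[20:length], "attribute"):
        if a_type != VENDOR_SPECIFIC:
            continue
        if len(value) < 4:
            raise ValueError("VSA too short for a vendor ID")
        (vendor_id,) = struct.unpack("!I", value[:4])
        vendor = VENDORS.get(vendor_id, "unsupported vendor %d" % vendor_id)
        for v_type, data in split_tlvs(value[4:], "vendor sub-attribute"):
            found.append((vendor, v_type, data))
    return found

def _tlv(t, value):
    return bytes([t, len(value) + 2]) + value

def _vsa(vendor_id, v_type, data):
    return _tlv(VENDOR_SPECIFIC, struct.pack("!I", vendor_id) + _tlv(v_type, data))

# Constructed Access-Accept (code 2); sub-attribute numbers and values are made up.
_ATTRS = (_tlv(1, b"alice") + _vsa(9, 1, b"shell:priv-lvl=15")
          + _vsa(3076, 1, struct.pack("!I", 15)) + _vsa(99999, 1, b"x"))
SAMPLE = struct.pack("!BBH", 2, 1, 20 + len(_ATTRS)) + bytes(16) + _ATTRS
```

Calling `list_vsas(SAMPLE)` returns one tuple per sub-attribute, with the third VSA reported as an unsupported vendor because its ID is outside the sets this page lists.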
RADIUS Authorization Functions
The adaptive security appliance can use RADIUS servers for user authorization for network access using
dynamic access lists or access list names per user. To implement dynamic access lists, you must
configure the RADIUS server to support them. When the user authenticates, the RADIUS server sends a
downloadable access list or access list name to the adaptive security appliance. Access to a given service
is either permitted or denied by the access list. The adaptive security appliance deletes the access list
when the authentication session expires.
TACACS+ Server Support
The adaptive security appliance supports TACACS+ authentication with ASCII, PAP, CHAP, and
MS-CHAPv1.
RSA/SDI Server Support
The RSA SecurID servers are also known as SDI servers.
This section includes the following topics:
• RSA/SDI Version Support, page 31-6
• Two-step Authentication Process, page 31-6
• RSA/SDI Primary and Replica Servers, page 31-6
