EasyManuals Logo

Cisco 5510 - ASA SSL / IPsec VPN Edition Configuration Guide

Cisco 5510 - ASA SSL / IPsec VPN Edition
1822 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #655 background imageLoading...
Page #655 background image
31-9
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 31 Configuring AAA Servers and the Local Database
Configuring AAA Server Groups
The Add AAA Server Group dialog box appears.
Step 3 In the Server Group field, add a name for the group.
Step 4 From the Protocol drop-down list, choose the server type:
• RADIUS
• TAC ACS +
• SDI
• NT Domain
• Kerberos
• LDAP
• HTTP Form
Step 5 In the Accounting Mode field, click the radio button for the mode you want to use (Simultaneous or
Single).
In Single mode, the adaptive security appliance sends accounting data to only one server.
In Simultaneous mode, the adaptive security appliance sends accounting data to all servers in the group.
Note This option is not available for the following protocols: HTTP Form, SDI, NT, Kerberos, and
LDAP.
Step 6 In the Reactivation Mode field, click the radio button for the mode you want to use (Depletion or
Timed).
In Depletion mode, failed servers are reactivated only after all of the servers in the group are inactive.
In Timed mode, failed servers are reactivated after 30 seconds of down time.
Step 7 If you chose the Depletion reactivation mode, add a time interval in the Dead Time field.
The Dead Time is the duration of time, in minutes, that elapses between the disabling of the last server
in a group and the subsequent reenabling of all servers.
Step 8 In the Max Failed Attempts field, add the number of failed attempts permitted.
This option sets the number of failed connection attempts allowed before declaring a nonresponsive
server to be inactive.
Step 9 (Optional) If you are adding a RADIUS server type, perform the following steps:
a. Check the Enable interim accounting update check box if you want to enable multi-session
accounting for clientless SSL and AnyConnect sessions.
b. Click the VPN3K Compatibility Option to expand the list, and click one of the following radio
buttons to specify whether or not a downloadable ACL received from RADIUS should be merged
with a Cisco AV-pair ACL:
–
Do not merge
–
Place the downloadable ACL after Cisco AV-pair ACL
–
Place the downloadable ACL before Cisco AV-pair ACL
Step 10 Click OK.
The dialog box closes, and the server group is added to the AAA Server Groups table.
Step 11 In the AAA Server Groups dialog box, click Apply to save the changes.

Table of Contents

Other manuals for Cisco 5510 - ASA SSL / IPsec VPN Edition

Preview: Cli Configuration Guide
Cli Configuration Guide2164 pages
Preview: Hardware Installation Guide
Hardware Installation Guide82 pages
Preview: Getting Started Guide
Getting Started Guide208 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 5510 - ASA SSL / IPsec VPN Edition and is the answer not in the manual?

Cisco 5510 - ASA SSL / IPsec VPN Edition Specifications

General IconGeneral
BrandCisco
Model5510 - ASA SSL / IPsec VPN Edition
CategoryFirewall
LanguageEnglish

Related product manuals