Cisco 5510 - ASA SSL / IPsec VPN Edition Configuration Guide

Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 33 Configuring AAA Rules for Network Access
Configuring the Authentication Proxy Limit
You can manually configure the uauth session limit by setting the maximum number of concurrent proxy
connections allowed per user.
To set the proxy limit, perform the following steps:
Step 1 From the Configuration > Firewall > AAA Rules pane, click Advanced.
The AAA Rules Advanced Options dialog box appears.
Step 2 In the Proxy Limit area, check Enable Proxy Limit.
Step 3 In the Proxy Limit field, enter the number of concurrent proxy connections allowed per user, from 1 to
128.
Step 4 Click OK, and then click Apply.
Configuring Authorization for Network Access
After a user authenticates for a given connection, the adaptive security appliance can use authorization
to further control traffic from the user.
This section includes the following topics:
• Configuring TACACS+ Authorization
• Configuring RADIUS Authorization
Configuring TACACS+ Authorization
You can configure the adaptive security appliance to perform network access authorization with
TACACS+.
Authentication and authorization rules are independent; however, any unauthenticated traffic matched
by an authorization rule will be denied. For authorization to succeed:
1. A user must first authenticate with the adaptive security appliance.
Because a user at a given IP address only needs to authenticate one time for all rules and types, if
the authentication session hasn’t expired, authorization can occur even if the traffic is not matched
by an authentication rule.
2. After a user authenticates, the adaptive security appliance checks the authorization rules for
matching traffic.
3. If the traffic matches the authorization rule, the adaptive security appliance sends the username to
the TACACS+ server.
4. The TACACS+ server responds to the adaptive security appliance with a permit or a deny for that
traffic, based on the user profile.
5. The adaptive security appliance enforces the authorization rule in the response.
See the documentation for your TACACS+ server for information about configuring network access
authorizations for a user.
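The decision flow in steps 1 to 5, modelled as an added Python example (not Cisco code and not part of the original guide). The class names, the timeout value and the port-based rule and profile format are assumptions, and a dictionary stands in for the TACACS+ server.

```python
import ipaddress

class AuthzRule:
    """Hypothetical, simplified authorization rule: source network + TCP port."""
    def __init__(self, src_net, dport):
        self.src_net = ipaddress.ip_network(src_net)
        self.dport = dport

    def matches(self, src_ip, dport):
        return dport == self.dport and ipaddress.ip_address(src_ip) in self.src_net

class ApplianceModel:
    def __init__(self, authz_rules, tacacs_profiles, uauth_timeout=300):
        self.authz_rules = authz_rules
        self.tacacs_profiles = tacacs_profiles  # stand-in for the TACACS+ server
        self.uauth_timeout = uauth_timeout      # seconds; assumed value
        self.uauth = {}                         # source IP -> (username, login time)

    def authenticate(self, src_ip, username, now):
        # Step 1: one session per source IP covers all rules and types.
        self.uauth[src_ip] = (username, now)

    def authorize(self, src_ip, dport, now):
        # Step 2: authentication rules are never consulted here, only the session.
        if not any(r.matches(src_ip, dport) for r in self.authz_rules):
            return "no-authz-rule"              # authorization does not apply
        user, since = self.uauth.get(src_ip, (None, None))
        if user is None or now - since >= self.uauth_timeout:
            return "deny-unauthenticated"       # rule matched without a live session
        # Steps 3-5: send the username, then enforce the server's permit or deny.
        permitted = dport in self.tacacs_profiles.get(user, set())
        return "permit" if permitted else "deny-by-server"

def demo():
    # Constructed sample data: documentation address range, made-up user.
    asa = ApplianceModel(
        authz_rules=[AuthzRule("192.0.2.0/24", 23), AuthzRule("192.0.2.0/24", 21)],
        tacacs_profiles={"alice": {23}},
    )
    results = [asa.authorize("192.0.2.10", 23, now=0)]        # before login
    asa.authenticate("192.0.2.10", "alice", now=0)
    results.append(asa.authorize("192.0.2.10", 23, now=10))   # in profile
    results.append(asa.authorize("192.0.2.10", 21, now=10))   # not in profile
    results.append(asa.authorize("192.0.2.10", 80, now=10))   # no rule matches
    results.append(asa.authorize("192.0.2.10", 23, now=400))  # session expired
    return results

if __name__ == "__main__":
    print(demo())
```
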
