33-10
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 33 Configuring AAA Rules for Network Access
Configuring Authorization for Network Access
To configure TACACS+ authorization, perform the following steps:
Step 1 Enable authentication. For more information, see the “Configuring Authentication for Network Access”
section on page 33-1. If you have already enabled authentication, continue to the next step.
Step 2 From the Configuration > Firewall > AAA Rules pane, choose Add > Add Authorization Rule.
The Add Authorization Rule dialog box appears.
Step 3 From the Interface drop-down list, choose the interface for applying the rule.
Step 4 In the Action field, click one of the following, depending on the implementation:
• Authorize
• Do not Authorize.
Step 5 From the AAA Server Group drop-down list, choose a server group. To add a AAA server to the server
group, click Add Server. See the “Configuring AAA Server Groups” section on page 31-8 for more
information.
Only TACACS+ servers are supported.
Step 6 In the Source field, add the source IP address, or click the ellipsis (...) to choose an IP address already
defined in ASDM.
Step 7 In the Destination field, enter the destination IP address, or click the ellipsis (...) to choose an IP address
already defined in ASDM.
Step 8 In the Service field, enter an IP service name or number for the destination service, or click ellipsis (...)
button to choose a service.
Step 9 (Optional) In the Description field, add a description.
Step 10 (Optional) Click More Options to do any of the following:
• To specify a source service for TCP or UDP, enter a TCP or UDP service in the Source Service field.
The destination service and source service must be the same. Copy and paste the destination Service
field to the Source Service field.
• To make the rule inactive, uncheck Enable Rule.
You may not want to remove a rule, but instead turn it off.
• To set a time range for the rule, from the Time Range drop-down list, choose an existing time range.
To add a new time range, click the ellipsis (...). For more information, see the “Configuring Time
Ranges” section on page 13-15.
Step 11 Click OK.
The dialog box closes and the rule appears in the AAA Rules table.
Step 12 Click Apply.
The changes are saved to the running configuration.
Configuring RADIUS Authorization
When authentication succeeds, the RADIUS protocol returns user authorizations in the access-accept
message sent by a RADIUS server. For more information about configuring authentication, see the
“Configuring Authentication for Network Access” section on page 33-1.
To Next Page
Loading...
Need help?
General
