1-9
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring AAA Servers and the Local Database
Information About AAA
Using Certificates and User Login Credentials
The following section describes the different methods of using certificates and user login credentials
(username and password) for authentication and authorization. These methods apply to IPsec,
AnyConnect, and Clientless SSL VPN.
In all cases, LDAP authorization does not use the password as a credential. RADIUS authorization uses
either a common password for all users or the username as a password.
This section includes the following topics:
• Using User Login Credentials, page 1-9
• Using Certificates, page 1-9
Using User Login Credentials
The default method for authentication and authorization uses the user login credentials.
• Authentication
–
Enabled by the authentication server group setting in the tunnel group (also called ASDM
Connection Profile)
–
Uses the username and password as credentials
• Authorization
–
Enabled by the authorization server group setting in the tunnel group (also called ASDM
Connection Profile)
–
Uses the username as a credential
Using Certificates
If user digital certificates are configured, the ASA first validates the certificate. It does not, however, use
any of the DNs from certificates as a username for the authentication.
If both authentication and authorization are enabled, the ASA uses the user login credentials for both
user authentication and authorization.
• Authentication
–
Enabled by the authentication server group setting
–
Uses the username and password as credentials
• Authorization
–
Enabled by the authorization server group setting
–
Uses the username as a credential
If authentication is disabled and authorization is enabled, the ASA uses the primary DN field for
authorization.
• Authentication
–
DISABLED (set to None) by the authentication server group setting
–
No credentials used
• Authorization
–
Enabled by the authorization server group setting
To Next Page
Loading...
Need help?
General
