EasyManuals Logo

Cisco ASA 5512-X Cli Configuration Guide

Cisco ASA 5512-X
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #852 background imageLoading...
Page #852 background image
1-6
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring AAA Servers and the Local Database
Information About AAA
locks the username, preventing another (replica) server from accepting it. This actions means that the
same user cannot authenticate to two ASAs using the same authentication servers simultaneously. After
a successful username lock, the ASA sends the passcode.
RSA/SDI Primary and Replica Servers
The ASA obtains the server list when the first user authenticates to the configured server, which can be
either a primary or a replica. The ASA then assigns priorities to each of the servers on the list, and
subsequent server selection is derived at random from those assigned priorities. The highest priority
servers have a higher likelihood of being selected.
NT Server Support
The ASA supports Microsoft Windows server operating systems that support NTLM Version 1,
collectively referred to as NT servers.
Note NT servers have a maximum length of 14 characters for user passwords. Longer passwords are truncated,
which is a limitation of NTLM Version 1.
Kerberos Server Support
The ASA supports 3DES, DES, and RC4 encryption types.
Note The ASA does not support changing user passwords during tunnel negotiation. To avoid this situation
happening inadvertently, disable password expiration on the Kerberos/Active Directory server for users
connecting to the ASA.
For a simple Kerberos server configuration example, see Example 1-2 on page 1-18.
LDAP Server Support
The ASA supports LDAP. This section includes the following topics:
• Authentication with LDAP, page 1-6
• LDAP Server Types, page 1-7
Authentication with LDAP
During authentication, the ASA acts as a client proxy to the LDAP server for the user, and authenticates
to the LDAP server in either plain text or by using the SASL protocol. By default, the ASA passes
authentication parameters, usually a username and password, to the LDAP server in plain text.
The ASA supports the following SASL mechanisms, listed in order of increasing strength:
• Digest-MD5—The ASA responds to the LDAP server with an MD5 value computed from the
username and password.

Table of Contents

Other manuals for Cisco ASA 5512-X

Preview: Quick Start Guide
Quick Start Guide14 pages
Preview: Configuration Guide
Configuration Guide428 pages
Preview: Hardware Installation Guide
Hardware Installation Guide74 pages
Preview: Software Guide
Software Guide37 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA 5512-X and is the answer not in the manual?

Cisco ASA 5512-X Specifications

General IconGeneral
Firewall Throughput1.2 Gbps
VPN Throughput200 Mbps
Maximum VPN Peers250
Integrated IPSYes
IPS Throughput250 Mbps
RAM4 GB
Power SupplyAC, 100-240V
Security Contexts2 (Standard), 50 (with Security Contexts license)
Interfaces6 x Gigabit Ethernet
Dimensions (H x W x D)1.75 x 17.5 x 14.5 inches
Weight16 lbs

Related product manuals