EasyManuals Logo

Cisco ASA 5540 User Manual

Cisco ASA 5540
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1036 background imageLoading...
Page #1036 background image
1-8
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring AAA Rules for Network Access
Configuring Authentication for Network Access
Examples
The following example authenticates all inside HTTP traffic and SMTP traffic:
hostname(config)# aaa-server AuthOutbound protocol tacacs+
hostname(config-aaa-server-group)# exit
hostname(config)# aaa-server AuthOutbound (inside) host 10.1.1.1
hostname(config-aaa-server-host)# key TACPlusUauthKey
hostname(config-aaa-server-host)# exit
hostname(config)# access-list MAIL_AUTH extended permit tcp any any eq smtp
hostname(config)# access-list MAIL_AUTH extended permit tcp any any eq www
hostname(config)# aaa authentication match MAIL_AUTH inside AuthOutbound
hostname(config)# aaa authentication listener http inside redirect
The following example authenticates Telnet traffic from the outside interface to a particular server
(209.165.201.5):
hostname(config)# aaa-server AuthInbound protocol tacacs+
hostname(config-aaa-server-group)# exit
hostname(config)# aaa-server AuthInbound (inside) host 10.1.1.1
hostname(config-aaa-server-host)# key TACPlusUauthKey
hostname(config-aaa-server-host)# exit
hostname(config)# access-list TELNET_AUTH extended permit tcp any host 209.165.201.5
eq
telnet
hostname(config)# aaa authentication match TELNET_AUTH outside AuthInbound
Step 4
aaa authentication listener http[s] interface_name
[port portnum] redirect
Example:
hostname(config)# aaa authentication listener http
inside redirect
(Optional) Enables the redirection method of
authentication for HTTP or HTTPS connections.
The interface_name argument is the interface on
which you want to enable listening ports. The port
portnum argument specifies the port number on
which the ASA listens; the defaults are 80 (HTTP)
and 443 (HTTPS).
You can use any port number and retain the same
functionality, but be sure your direct authentication
users know the port number; redirected traffic is sent
to the correct port number automatically, but direct
authenticators must specify the port number
manually.
Enter this command separately for HTTP and for
HTTPS.
Step 5
aaa local authentication attempts max-fail number
Example:
hostname(config)# aaa local authentication attempts
max-fail 7
(Optional) Uses the local database for network
access authentication and limits the number of
consecutive failed login attempts that the ASA
allows any given user account (with the exception of
users with a privilege level of 15. This feature does
not affect level 15 users). The number argument
value is between 1 and 16.
Tip To clear the lockout status of a specific user
or all users, use the clear aaa local user
lockout command.
Command Purpose

Table of Contents

Other manuals for Cisco ASA 5540

Preview: Configuration Guide
Configuration Guide1822 pages
Preview: Hardware Installation Guide
Hardware Installation Guide82 pages
Preview: Getting Started Guide
Getting Started Guide208 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA 5540 and is the answer not in the manual?

Cisco ASA 5540 Specifications

General IconGeneral
Firewall Throughput650 Mbps
Maximum Firewall Connections400, 000
VPN Throughput225 Mbps
Maximum VPN Peers5, 000
High AvailabilityActive/Active, Active/Standby
IPSec VPN Throughput225 Mbps
Memory1 GB
IPS Throughput225 Mbps
Security Contexts50
Flash Memory64 MB
Form Factor1U
Power SupplyDual
Interfaces4 x 10/100/1000 Ethernet

Related product manuals