EasyManuals Logo
Home>Cisco>Network Hardware>ASA Series

Cisco ASA Series User Manual

Cisco ASA Series
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #849 background imageLoading...
Page #849 background image
1-3
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring AAA Servers and the Local Database
Information About AAA
Information About Accounting
Accounting tracks traffic that passes through the ASA, enabling you to have a record of user activity. If
you enable authentication for that traffic, you can account for traffic per user. If you do not authenticate
the traffic, you can account for traffic per IP address. Accounting information includes session start and
stop times, username, the number of bytes that pass through the ASA for the session, the service used,
and the duration of each session.
Summary of Server Support
Table 1-1 summarizes the support for each AAA service by each AAA server type, including the local
database. For more information about support for a specific AAA server type, see the topics following
the table.
Note In addition to the native protocol authentication listed in Table 1-1, the ASA supports proxying
authentication. For example, the ASA can proxy to an RSA/SDI and/or LDAP server via a RADIUS
server. Authentication via digital certificates and/or digital certificates with the AAA combinations
listed in the table are also supported.
Table 1-1 Summary of AAA Support
AAA Service
Database Type
Local
RADIU
S
TACACS
+
SDI
(RSA) NT Kerberos
LDA
P
HTTP
Form
Authentication of...
VPN users
1
1. For SSL VPN connections, either PAP or MS-CHAPv2 can be used.
Yes Yes Yes Ye s Yes Yes Yes Ye s
2
2. HTTP Form protocol supports both authentication and SSO operations for clientless SSL VPN users sessions only.
Firewall sessions Yes Ye s Yes Yes Yes Yes Yes No
Administrators Yes Yes Yes Yes
3
3. RSA/SDI is supported for ASDM HTTP administrative access with ASA 5500 software version 8.2(1) or later.
Yes Yes Ye s No
Authorization of...
VPN users Yes Yes No No No No Yes No
Firewall sessions No Yes
4
4. For firewall sessions, RADIUS authorization is supported with user-specific access lists only, which are received or specified
in a RADIUS authentication response.
Yes No No No No No
Administrators Yes
5
5. Local command authorization is supported by privilege level only.
No Yes No No No No No
Accounting of...
VPN connections No Yes Yes No No No No No
Firewall sessions No Yes Yes No No No No No
Administrators No Yes
6
6. Command accounting is available for TACACS+ only.
Yes No No No No No

Table of Contents

Other manuals for Cisco ASA Series

Preview: Configuration Guide
Configuration Guide428 pages
Preview: Mount And Connect
Mount And Connect12 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA Series and is the answer not in the manual?

Cisco ASA Series Specifications

General IconGeneral
BrandCisco
ModelASA Series
CategoryNetwork Hardware
LanguageEnglish

Related product manuals