AAA by default and ASA 5505 and 5510

itdaddy Member Posts: 2,089
Hey guys, dumb question, but I do not know,
and I looked on Google and cannot find my answer. I think yes but want to make sure.

I am configuring VPN devices on our DMZ at work and was wondering: in the ASA 5505 and 5510,
is AAA new-model turned on by default? Because I can do the aaa authentication command etc... just wondering.
Thanks, mates

Comments

  • BroadcastStorm Member Posts: 496
    AAA is not turned on by default on ASA 5505; at least this is for pre-8.3.

    Authentication uses the ASA local database for password; you'll need to modify the authentication order behaviour.

    I would go in the ASA and issue show run aaa auth. Hope this helps.
  • itdaddy Member Posts: 2,089
    Thanks man. I guess I did that already but just checking. A little rusty on the security stuff, hhaaha. I guess if you don't use it you lose it, ooops.. thanks man, appreciate the brush up...
  • BroadcastStorm Member Posts: 496
    Anytime.

    I'm glad I still remember, I had a project last year changing the RADIUS to TACACS+ on network devices pointed to Cisco ACS server to Microsoft AD.

    You can set up a free RADIUS server and point your Cisco equipment to your RADIUS server, then you can play around with AAA.
  • itdaddy Member Posts: 2,089
    broadcaststorm
    Wow, that sounds fun. Yeah, it would be nice to centralize authentication like that.. but we just use AD as a RADIUS server for remote VPN clients,
    mainly IT department or higher management. But would like to have it for everything someday ;)
  • BroadcastStorm Member Posts: 496
    itdaddy wrote: »
    broadcaststorm
    Wow, that sounds fun. Yeah, it would be nice to centralize authentication like that.. but we just use AD as a RADIUS server for remote VPN clients,
    mainly IT department or higher management. But would like to have it for everything someday ;)

    Oh that's right, you can set up Windows Server as a RADIUS server, and there's a slave/master configuration for their RADIUS server farm, I forgot what it was.

    If you want good security you can also add 802.11x port-based authentication that you can implement if you're designing one :)

    I had a design before that I presented regarding this on Cisco 'cause the manager was paranoid.
  • itdaddy Member Posts: 2,089
    Cisco cause the manager was paranoid.

    port based auth is extreme ahhahahaha ;) but you and I know better right! hee hee
    darn the managers.... but cool... and very tight I might add.
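
The check suggested in the first reply (show run aaa auth) can be turned into a quick audit of which management access methods have an explicit authentication source. This is an added example, not part of any post in the thread; the sample config, the server-group name CORP-RADIUS and the address are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `show run aaa` style output (not taken from the thread).
SAMPLE = """\
aaa-server CORP-RADIUS protocol radius
aaa-server CORP-RADIUS (inside) host 192.0.2.10
aaa authentication ssh console CORP-RADIUS LOCAL
aaa authentication http console CORP-RADIUS
aaa authentication enable console LOCAL
"""

ACCESS_METHODS = ("ssh", "telnet", "serial", "http", "enable")
# aaa authentication <method> console <server-group | LOCAL> [LOCAL]
AUTH_RE = re.compile(r"^aaa authentication (\S+) console (\S+)(?:\s+(LOCAL))?\s*$")


def audit_aaa(config):
    """Map each management access method to its configured auth source."""
    report = {m: {"source": None, "local_fallback": False} for m in ACCESS_METHODS}
    for line in config.splitlines():
        match = AUTH_RE.match(line.strip())
        if not match or match.group(1) not in report:
            continue
        method, group, fallback = match.groups()
        report[method] = {
            "source": group,
            # A fallback only means something when the primary is a server group.
            "local_fallback": group != "LOCAL" and fallback == "LOCAL",
        }
    return report


def findings(report):
    """List methods with no explicit AAA line or no LOCAL fallback."""
    out = []
    for method, info in report.items():
        if info["source"] is None:
            out.append(f"{method}: no aaa authentication line (device default applies)")
        elif info["source"] != "LOCAL" and not info["local_fallback"]:
            out.append(f"{method}: uses {info['source']} with no LOCAL fallback")
    return out


if __name__ == "__main__":
    for finding in findings(audit_aaa(SAMPLE)):
        print(finding)
```
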