AAA by default and ASA 5505 and 5510
Hey guys, dumb question, but I do not know.
And I looked on Google, cannot find my answer. I think yes but want to make sure.
I am configuring VPN devices on our DMZ at work and was wondering, in the ASA 5505 and 5510
is AAA new model turned on by default? Because I can do the aaa authentication command etc... just wondering.
Thanks mates
Comments
BroadcastStorm Member Posts: 496
AAA is not turned on by default on ASA 5505, at least this is for pre 8.3.
Authentication uses the ASA local database for password, you'll need to modify the authentication order behaviour.
I would go in the ASA and issue show run aaa auth, hope this helps.
itdaddy Member Posts: 2,089
Thanks man. I guess I did that already but just checking. A little rusty on the security stuff hahaha, I guess you don't use it you lose it, oops.. thanks man, appreciate the brush up...
BroadcastStorm Member Posts: 496
Anytime.
I'm glad I still remember, I had a project last year changing the RADIUS to TACACS+ on network devices pointed to Cisco ACS server to Microsoft AD.
You can set up a free RADIUS server and point your Cisco equipment to your RADIUS server, then you can play around with AAA.
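The authentication order and RADIUS setup discussed in the two replies above, as an added example that is not part of the original thread: an ASA management-access configuration that tries a RADIUS server group first and falls back to the local database. The group name, interface name, server address, key and local account are constructed placeholders.

```cisco
! Added example, not from the thread. RADIUS-GRP, inside, 192.0.2.10 and the
! bracketed values are constructed placeholders.
!
! Define the RADIUS server group and one server in it
aaa-server RADIUS-GRP protocol radius
aaa-server RADIUS-GRP (inside) host 192.0.2.10
 key <shared-secret>
!
! Management logins: ask the RADIUS group first, then the local database.
! LOCAL is consulted only when no server in the group responds,
! not when the server rejects the login.
aaa authentication ssh console RADIUS-GRP LOCAL
aaa authentication http console RADIUS-GRP LOCAL
aaa authentication enable console RADIUS-GRP LOCAL
!
! Keep a local account so the fallback has something to authenticate against
username <local-admin> password <password> privilege 15
!
! Check what is configured and confirm the server answers
show running-config aaa
show running-config aaa-server
test aaa-server authentication RADIUS-GRP host 192.0.2.10 username <user> password <password>
```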
itdaddy Member Posts: 2,089
broadcaststorm
Wow, that sounds fun. Yeah, it would be nice to centralize authentication like that.. but we just use AD as a RADIUS server for remote VPN clients,
mainly IT department or higher management. But would like to have it for everything someday
BroadcastStorm Member Posts: 496
Oh that's right, you can set up Windows server as a RADIUS server and there's a slave/master configuration for their RADIUS server farm, I forgot what it was.
If you want good security you can also add 802.11x port-based authentication that you can implement if you're designing one.
I had a design before that I presented regarding this on Cisco cause the manager was paranoid.
itdaddy Member Posts: 2,089
Port based auth is extreme ahhahahaha, but you and I know better right! hee hee
Darn the managers.... but cool... and very tight I might add.