AAA

Step 1.

Select an authentication protocol.

SecureMe wants to use an external RADIUS server for the Telnet and SSH connections to the security Cisco ASA. Navigate to Configuration > Features > Properties > AAA Setup > AAA Server Groups and click Add to specify the protocol used on Cisco ASA, as shown in Figure 19-15. The server group name is Rad and the selected protocol is RADIUS.

Figure 19-15. Specifying an Authentication Protocol

Step 2.

Define an authentication server.

To specify an authentication server, navigate to Configuration > Features > Properties > AAA Setup > AAA Servers and click Add to open the Add AAA Server window, shown in Figure 19-16. Select the server group name that is defined in the previous step. Because the AAA server resides toward the inside interface, select the inside interface from the drop-down menu. The IP address of the RADIUS server is 192.168.10.105 while the shared secret key between the server and the security Cisco ASA is cisco123 (which is displayed as asterisks).

Figure 19-16. Defining an Authentication Server

Step 3.

Map the configured authentication server.

Navigate to Configuration > Features > Device Administration > Administration > AAA Access > Authentication to map the configured RADIUS server to the appropriate login processes. As shown in Figure 19-17, select the server group Rad under Enable, SSH, and Telnet connections. In case the RADIUS server is not available, the security Cisco ASA is being set up to use the local user database for authentication. Click Apply to send the configuration commands to the security Cisco ASA.

Figure 19-17. Mapping the Authentication Server