AAA implementation

vipinrajrc · ‎02-27-2011

Hi Experts,

I like to implement AAA in my environment. I have an ASA5505. Which is the best AAA server ??? I heard about FREERADIUS, RADIUS,TACACS...

I dont know much about these things.. Iam new to security.... Please guide me....

where do i start????

Thanks,

Vipin

Thanks and Regards, Vipin

andamani · ‎02-27-2011

Hi Vipin,

Choosing a AAA server is entirely your choice and depends on the design as well.

Here is the link that describes the difference between the two protocols.i.e. RADIUS and TACACS+

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml

Radius is free server while for TACACS+ you will have to pay and configure in the ACS

Configuration on ASA will be something like this:

# create a local user account on PIX.
username XXXX password XXXX privilege 15

# define server tag and set deadtime to 0
aaa-server protocol tacacs

# define radius servers
aaa-server (inside) host [ip address] [secret key]

# for console/telnet/ssh/http authentication
# LOCAL at the end will let the authentication to fallback to local PIX.
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL

#for command accounting.
aaa accounting command

AAA server will vary depending on what you have as a AAA server.

Hope this helps.

Regards,

Anisha

P.S.: Please mark this thread as answered if you feel your query is resolved . Do rate helpful posts.

AAA implementation

An Easy Three-Step ThousandEyes Adoption Implementation Workflow

Implementation of QoS of MQC Architecture Framework and Syntax

Implementing Network Time Protocol (NTP)

Implemention of IPsec VPNs

Implementing IPSec over GRE