Information about authentication, Information about authorization – Cisco ASA 5505 User Manual

Page 682


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 35 Configuring AAA Servers and the Local Database

Information About AAA

- RSA/SDI Server Support, page 35-5
- NT Server Support, page 35-6
- Kerberos Server Support, page 35-6
- LDAP Server Support, page 35-6
- Local Database Support, Including as a Fallback Method, page 35-8
- How Fallback Works with Multiple Servers in a Group, page 35-8
- Using Certificates and User Login Credentials, page 35-9
- Task Flow for Configuring AAA, page 35-11

Information About Authentication

Authentication controls access by requiring valid user credentials, which are usually a username and
password. You can configure the ASA to authenticate the following items:

- All administrative connections to the ASA, including the following sessions:
  - Telnet
  - SSH
  - Serial console
  - ASDM using HTTPS
  - VPN management access
- The enable command
- Network access
- VPN access

Information About Authorization

Authorization controls access per user after users are authenticated. You can configure the ASA to
authorize the following items:

- Management commands
- Network access
- VPN access

Authorization controls the services and commands that are available to each authenticated user. If you
did not enable authorization, authentication alone would provide the same access to services for all
authenticated users.

If you need the control that authorization provides, you can configure a broad authentication rule, and
then have a detailed authorization configuration. For example, you can authenticate inside users who try
to access any server on the outside network and then limit the outside servers that a particular user can
access using authorization.

The ASA caches the first 16 authorization requests per user, so if the user accesses the same services
during the current authentication session, the ASA does not resend the request to the authorization
server.
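
The broad-authentication, detailed-authorization pattern described above, sketched as ASA CLI. This is an added example, not taken from the guide: the server group name, ACL name, addresses, username and key are placeholders, and the per-user list of permitted outside servers is assumed to be maintained on the TACACS+ server.

```cisco
! Added example: all names, addresses and the key below are placeholders.
!
! TACACS+ server group, reached through the inside interface.
aaa-server TACACS_GRP protocol tacacs+
aaa-server TACACS_GRP (inside) host 10.1.2.10
 key <shared-secret-placeholder>
!
! Broad match: TCP connections from the inside user subnet to any destination.
access-list OUTBOUND_AAA extended permit tcp 10.1.1.0 255.255.255.0 any
!
! Step 1: authenticate every connection that matches the broad ACL.
aaa authentication match OUTBOUND_AAA inside TACACS_GRP
!
! Step 2: ask the same server group to authorize each matching connection.
! The decision about which outside servers a given user may reach is made
! on the TACACS+ server, per user, not in this ACL.
aaa authorization match OUTBOUND_AAA inside TACACS_GRP
!
! Operational checks (run from privileged EXEC, shown here as comments):
!   show uauth          lists currently authenticated users and cached entries
!   clear uauth alice   drops the cached authentication/authorization state
!                       for the placeholder user "alice"
```

Because the ASA does not resend a cached authorization request during the current authentication session, clearing the user's cached state with `clear uauth` is the way to make the ASA query the authorization server again for that user.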
