Using certificates and user login credentials, Using user login credentials, Using certificates – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 35 Configuring AAA Servers and the Local Database

Information About AAA

Using Certificates and User Login Credentials

The following section describes the different methods of using certificates and user login credentials
(username and password) for authentication and authorization. These methods apply to IPsec,
AnyConnect, and Clientless SSL VPN.

In all cases, LDAP authorization does not use the password as a credential. RADIUS authorization uses
either a common password for all users or the username as a password.

This section includes the following topics:

Using User Login Credentials

Using Certificates

Using User Login Credentials

The default method for authentication and authorization uses the user login credentials.

Authentication

Enabled by the authentication server group setting in the tunnel group (also called ASDM
Connection Profile)

Uses the username and password as credentials

Authorization

Enabled by the authorization server group setting in the tunnel group (also called ASDM
Connection Profile)

Uses the username as a credential

Using Certificates

If user digital certificates are configured, the ASA first validates the certificate. It does not, however, use
any of the DNs from certificates as a username for the authentication.

If both authentication and authorization are enabled, the ASA uses the user login credentials for both
user authentication and authorization.

Authentication

Enabled by the authentication server group setting

Uses the username and password as credentials

Authorization

Enabled by the authorization server group setting

Uses the username as a credential

If authentication is disabled and authorization is enabled, the ASA uses the primary DN field for
authorization.

Authentication

DISABLED (set to None) by the authentication server group setting

No credentials used

Authorization

Enabled by the authorization server group setting
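
The rules in this section, applied to a running configuration, as an added example that is not part of the Cisco guide: the Python below reads tunnel-group general-attributes blocks and reports which credential each one uses for authentication and for authorization. The tunnel-group and server-group names are constructed, the NONE keyword follows this page's "set to None" wording, and treating a missing authentication-server-group line as enabled is an assumption.

```python
import re

# Constructed sample config; tunnel-group and server-group names are invented.
SAMPLE_CONFIG = """\
tunnel-group RA-PASSWORD type remote-access
tunnel-group RA-PASSWORD general-attributes
 authentication-server-group RADIUS-AUTH
 authorization-server-group LDAP-AUTHZ
tunnel-group RA-CERT-ONLY type remote-access
tunnel-group RA-CERT-ONLY general-attributes
 authentication-server-group NONE
 authorization-server-group LDAP-AUTHZ
tunnel-group RA-DEFAULT type remote-access
tunnel-group RA-DEFAULT general-attributes
 default-group-policy GP-DEFAULT
"""

SETTING = re.compile(r"\s+(authentication|authorization)-server-group (?:\(\S+\) )?(\S+)")

def parse_tunnel_groups(config):
    """Return {name: {"authentication": group or None, "authorization": group or None}}."""
    groups, current = {}, None
    for line in config.splitlines():
        header = re.match(r"tunnel-group (\S+) general-attributes\s*$", line)
        if header:
            current = groups.setdefault(
                header.group(1), {"authentication": None, "authorization": None})
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the sub-mode
        elif current is not None and (m := SETTING.match(line)):
            current[m.group(1)] = m.group(2)
    return groups

def credentials_used(settings):
    """Apply this section's rules to one tunnel group's settings."""
    # Assumption: a missing authentication-server-group line means enabled.
    authn_on = (settings["authentication"] or "").upper() != "NONE"
    if settings["authorization"] is None:
        authz = "not enabled"
    else:
        authz = "username" if authn_on else "certificate primary DN field"
    return {"authentication": "username and password" if authn_on else "none",
            "authorization": authz}

def passwordless_groups(config):
    """Tunnel groups where no password is checked, so access rests on the certificate."""
    return sorted(name for name, s in parse_tunnel_groups(config).items()
                  if credentials_used(s)["authentication"] == "none")

if __name__ == "__main__":
    for name, s in parse_tunnel_groups(SAMPLE_CONFIG).items():
        print(name, credentials_used(s))
```

Groups returned by passwordless_groups() are the ones to review for certificate validation and revocation checking, because no password stands behind them.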
