Cisco ASA 5505 Configuration Manual page 655
Asa 5500 series
Hide thumbs
Also See for ASA 5505:
- Getting started manual (168 pages) ,
- Administrator's manual (118 pages) ,
- Hardware installation manual (82 pages)
Table of Contents
Advertisement
Chapter 31
Configuring AAA Servers and the Local Database
The Add AAA Server Group dialog box appears.
In the Server Group field, add a name for the group.
Step 3
From the Protocol drop-down list, choose the server type:
Step 4
RADIUS
•
TACACS+
•
SDI
•
NT Domain
•
Kerberos
•
LDAP
•
HTTP Form
•
In the Accounting Mode field, click the radio button for the mode you want to use (Simultaneous or
Step 5
Single).
In Single mode, the adaptive security appliance sends accounting data to only one server.
In Simultaneous mode, the adaptive security appliance sends accounting data to all servers in the group.
Note
In the Reactivation Mode field, click the radio button for the mode you want to use (Depletion or
Step 6
Timed).
In Depletion mode, failed servers are reactivated only after all of the servers in the group are inactive.
In Timed mode, failed servers are reactivated after 30 seconds of down time.
If you chose the Depletion reactivation mode, add a time interval in the Dead Time field.
Step 7
The Dead Time is the duration of time, in minutes, that elapses between the disabling of the last server
in a group and the subsequent reenabling of all servers.
In the Max Failed Attempts field, add the number of failed attempts permitted.
Step 8
This option sets the number of failed connection attempts allowed before declaring a nonresponsive
server to be inactive.
(Optional) If you are adding a RADIUS server type, perform the following steps:
Step 9
Check the Enable interim accounting update check box if you want to enable multi-session
a.
accounting for clientless SSL and AnyConnect sessions.
Click the VPN3K Compatibility Option to expand the list, and click one of the following radio
b.
buttons to specify whether or not a downloadable ACL received from RADIUS should be merged
with a Cisco AV-pair ACL:
–
–
–
Click OK.
Step 10
The dialog box closes, and the server group is added to the AAA Server Groups table.
In the AAA Server Groups dialog box, click Apply to save the changes.
Step 11
OL-20339-01
This option is not available for the following protocols: HTTP Form, SDI, NT, Kerberos, and
LDAP.
Do not merge
Place the downloadable ACL after Cisco AV-pair ACL
Place the downloadable ACL before Cisco AV-pair ACL
Cisco ASA 5500 Series Configuration Guide using ASDM
Configuring AAA Server Groups
31-9
- Quick Links:
- Starting Asdm
- Downloading the Asdm Launcher
Hide quick links:
Advertisement
Chapters
Table of Contents
