Cisco ASA Series Cli Configuration Manual page 855

Chapter 1 Configuring AAA Servers and the Local Database
Using Certificates and User Login Credentials
The following section describes the different methods of using certificates and user login credentials
(username and password) for authentication and authorization. These methods apply to IPsec,
AnyConnect, and Clientless SSL VPN.
In all cases, LDAP authorization does not use the password as a credential. RADIUS authorization uses
either a common password for all users or the username as a password.
This section includes the following topics:
•
•
Using User Login Credentials
The default method for authentication and authorization uses the user login credentials.
•
•
Using Certificates
If user digital certificates are configured, the ASA first validates the certificate. It does not, however, use
any of the DNs from certificates as a username for the authentication.
If both authentication and authorization are enabled, the ASA uses the user login credentials for both
user authentication and authorization.
•
•
If authentication is disabled and authorization is enabled, the ASA uses the primary DN field for
authorization.
•
•
Using User Login Credentials, page 1-9
Using Certificates, page 1-9
Authentication
–
Enabled by the authentication server group setting in the tunnel group (also called ASDM
Connection Profile)
–
Uses the username and password as credentials
Authorization
–
Enabled by the authorization server group setting in the tunnel group (also called ASDM
Connection Profile)
–
Uses the username as a credential
Authentication
–
Enabled by the authentication server group setting
–
Uses the username and password as credentials
Authorization
–
Enabled by the authorization server group setting
–
Uses the username as a credential
Authentication
–
DISABLED (set to None) by the authentication server group setting
–
No credentials used
Authorization
–
Enabled by the authorization server group setting
Information About AAA
Cisco ASA Series CLI Configuration Guide
1-9