Support User Manuals

Cisco Systems CL-28826-01 Security Camera User Manual

Open as PDF

of 2616

15-17

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 15 Managing Firewall AAA Rules

AAA Rules Page

AAA Server Group (PIX,

ASA, FWSM)

The AAA server group policy object that defines the AAA server that

should provide authentication, authorization, or accounting for the

traffic defined in the rule. Enter the name of the policy object or click

Select to select it from a list or to create a new object.

You must select a type of server that can perform all actions defined in

the rule. For example, the local database (defined on the device) cannot

provide authorization services. If you use a RADIUS server for

authentication, it automatically provides authorization services, but

you cannot define an authorization rule that uses a RADIUS server.

You can use a mix of server groups for different actions for the same

source/destination pair by creating separate rules for the desired

combination of authentication, authorization, and accounting actions.

For more information on AAA server group objects, see Understanding

AAA Server and Server Group Objects, page 6-24.

Tips

• If you select Authenticate Action and User-Identity, but not the

Authorization or Accounting actions, any server you specify here

is ignored. Do not select a server to avoid validation warnings.

• AAA server groups for IOS devices are defined in other policies.

For a complete explanation of the configuration, see Configuring

AAA Rules for IOS Devices, page 15-7.

• You can right-click the Server Group cell in an existing AAA rule

and choose Edit Server Group to change your selections. See Edit

Server Group Dialog Box, page 15-18 for more information.

Category The category assigned to the rule. Categories help you organize and

identify rules and objects. See Using Category Objects, page 6-12.

Method (IOS)

(not presented for ASA 9.0+

devices)

Choose Auth-Proxy, HTTP-basic, or NTLM.

If you choose Auth-Proxy, the following options are available:

• HTTP

• FTP

• Telnet

Specify the protocols for which you want to enforce authentication

using the authentication proxy. If you select HTTP, you can also

configure HTTPS authentication proxy by enabling SSL on the device.

For specific information, see Configuring AAA Rules for IOS Devices,

page 15-7.

You can right-click the AuthProxy cell in an existing AAA rule and

choose Edit AuthProxy to change your selections. See AuthProxy

Dialog Box, page 15-18 for more information.

Table 15-2 Add and Edit AAA Rules Dialog Boxes (Continued)

Element Description

previous next