Filter
Top Products
15-18
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 15 Managing Firewall AAA Rules
AAA Rules Page
Edit AAA Option Dialog Box
Use the Edit AAA Option dialog box to select whether the rule performs authentication (with or without
user identity), authorization, or accounting. Authorization and accounting rules work only on ASA, PIX,
and FWSM devices. For a complete explanation of these options, see the related explanations in the
following topics:
• Add and Edit AAA Rule Dialog Boxes, page 15-13
• Understanding AAA Rules, page 15-1
Navigation Path
Right-click the Action cell in a AAA rule (on the AAA Rules Page, page 15-10) and select Edit AAA.
AuthProxy Dialog Box
Use the AuthProxy dialog box to edit the authorization proxy settings in a AAA rule. For IOS devices,
select the protocols (HTTP, FTP, or Telnet) for which you want to enforce authentication using the
authentication proxy. If you select HTTP, you can also configure HTTPS authentication proxy by
enabling SSL on the device. For specific information, see Configuring AAA Rules for IOS Devices,
page 15-7.
Navigation Path
Right-click the AuthProxy cell in a AAA rule (on the AAA Rules Page, page 15-10) and select Edit
AuthProxy.
Edit Server Group Dialog Box
Use the Edit Server Group dialog box to edit the AAA server group used in a AAA rule, which defines
the AAA server that should provide authentication, authorization, or accounting for the traffic defined
in the rule. Enter the name of the policy object or click Select to select it from a list or to create a new
object. For more information on AAA server group objects, see Understanding AAA Server and Server
Group Objects, page 6-24.
You must select a type of server that can perform all actions defined in the rule. For example, the local
database (defined on the device) cannot provide authorization services. If you use a RADIUS server for
authentication, it automatically provides authorization services, but you cannot define an authorization
rule that uses a RADIUS server. Unlike the Add and Edit AAA Rule Dialog Boxes, page 15-13, this
dialog box does not validate your selection.
Note This setting applies only to ASA, PIX, and FWSM devices. AAA server groups for IOS devices are
defined in other policies. For a complete explanation of the configuration, see Configuring AAA Rules
for IOS Devices, page 15-7.
Navigation Path
Right-click the Server Group cell in a AAA rule (on the AAA Rules Page, page 15-10) and select Edit
Server Group.