Sample Configuration Guide for Cisco Secure ACS and PIX Firewall
Index

A

AAA client

adding the TACACS+ AAA client 4-4

access policy configuration 5-5

accounting

Cisco Secure ACS

RADIUS accounting configuration 5-10

outbound RADIUS 2-5

PIX Firewall

RADIUS accounting configuration 5-9

ACLs with RADIUS

downloadable 3-8

downloadable ACLs

ACL set application to group 5-11

ACL set creation 5-10

for inbound RADIUS-based access 5-10

on Cisco Secure ACS 3-9

on PIX Firewall 3-12

PIX Firewall inbound RADIUS 5-12

local ACLs

overview 3-2

specification with Cisco Secure ACS 3-4

specification with PIX Firewall 3-3

overview 3-1

using the Cisco AV pair

on Cisco Secure ACS 3-6

on PIX Firewall 3-8

overview 3-5

authentication

inbound RADIUS 5-8

outbound RADIUS 2-3

AV pair

See Cisco AV pair

B

basic configuration

Cisco Secure ACS 1-4

PIX Firewall 1-4

C

cautions

significance of viii

Cisco AV pair

See also ACLs with RADIUS, using the Cisco AV pair

RADIUS ACLs using 3-5

Cisco Secure ACS

basic configuration 1-4

enable authentication and authorization 4-5

inbound RADIUS AAA remote administration 5-1

logging attributes 2-6

outbound RADIUS

configuration for accounting 2-6

configuration for authentication 2-4

RADIUS ACLs

downloadable 3-9

specification of local ACLs 3-4

using the Cisco AV pair 3-6

TACACS+ command authorization configuration 4-4

command authorization

See also command authorization configuration

applying command authorization set 4-11

commands and arguments 4-10

creating full 4-7

creating restricted 4-9

command authorization configuration

See also TACACS+ command authorization configuration

for TACACS+ 4-12

command examples

aaa accounting 2-6

aaa authentication 2-4, 4-12, 5-9

aaa authorization 4-12

aaa-server 2-3

access-list 3-3

console 4-12

enable 4-12

telnet 4-12

configuration

basic

Cisco Secure ACS 1-4

PIX Firewall 1-4

Cisco Secure ACS

TACACS+ command authorization 4-4

inbound RADIUS

AAA 5-1

authentication 5-8

PIX Firewall

AAA server 2-3

command authorization 4-12

TACACS+ command authorization 4-3

configuration code examples

create server group and add Cisco Secure ACS 2-3

PIX Firewall outbound RADIUS accounting 2-6

PIX Firewall outbound RADIUS authentication 2-4

PIX Firewall RADIUS specification of local ACLs 3-3

RADIUS accounting on PIX Firewall 5-9

RADIUS authentication on PIX Firewall 5-9

D

downloadable ACLs

See ACLs with RADIUS, downloadable

E

enable

authentication and authorization 4-5

example network diagram 1-2

I

inbound RADIUS

See RADIUS, inbound

L

local ACLs 3-2

N

network example 1-2

O

outbound RADIUS

See RADIUS

overview 1-1

P

PIX Firewall

AAA server configuration 2-3

AAA server configuration for TACACS+ 4-2

basic configuration 1-4

outbound RADIUS

configuration for accounting 2-6

configuration for authentication 2-4

downloadable ACLs for 3-12

RADIUS ACLs

downloadable 3-12

specification of local ACLs 3-3

using the Cisco AV pair 3-8

TACACS+ command authorization configuration 4-12

procedures

access policy configuration 5-6

adding the TACACS+ AAA client 4-4

applying command authorization set to junior administrators group 4-11

applying downloadable ACL set 5-11

applying downloadable ACL set to a group 3-11

Cisco Secure ACS configuration for outbound RADIUS accounting 2-6

Cisco Secure ACS configuration for outbound RADIUS authentication 2-4

Cisco Secure ACS RADIUS specification of local ACLs 3-4

Cisco Secure ACS specification of local ACLs 3-4

configuring enable authentication and authorization 4-6

configuring the Cisco RADIUS AV Pair to send ACLs 3-7

creating command authorizations for junior administrators 4-9

creating command authorizations for senior administrators 4-7

creating downloadable ACL set 3-10, 5-10

R

RADIUS

ACLs

See ACLs with RADIUS

inbound

AAA configuration scenario 5-3

AAA with remote Cisco Secure ACS 5-1

configuration 5-8

downloadable ACLs 5-10

outbound

AAA overview 2-1

Cisco Secure ACS accounting configuration 2-6

Cisco Secure ACS authentication configuration 2-4

PIX Firewall AAA server configuration 2-3

PIX Firewall accounting configuration 2-6

PIX Firewall authentication configuration 2-4

random numbers 2-3

remote administration

of inbound RADIUS AAA

on Cisco Secure ACS 5-1

preparation on Cisco Secure ACS 5-4

T

TACACS+

adding the TACACS+ AAA client 4-4

command authorization configuration 4-3

PIX Firewall AAA server configuration for 4-2

This viii

V

versions 1-2