7-23
Cisco ASA Series Firewall CLI Configuration Guide
 
Chapter 7      Configuring AAA Rules for Network Access
ciscoasa(config)# aaa accounting match SERVER_AUTH inside AuthOutbound
AAA provides an extra level of protection and control over user access beyond what ACLs alone offer. For example, you can create an ACL allowing all outside users to access Telnet on a server on the DMZ network. If you want only some users to access the server, and you might not always know the IP addresses of those users, you can enable AAA to allow only authenticated and/or authorized users to connect through the ASA. (The Telnet server enforces authentication, too; the ASA prevents unauthorized users from even attempting to reach the server.)
Using MAC Addresses to Exempt Traffic from Authentication and Authorization
The ASA can exempt from authentication and authorization any traffic from specific MAC addresses. For example, if the ASA authenticates TCP traffic originating on a particular network, but you want to allow unauthenticated TCP connections from a specific server, you would use a MAC exempt rule to exempt from authentication and authorization any traffic from the server specified by the rule.

This feature is particularly useful to exempt devices such as IP phones that cannot respond to authentication prompts.
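As an added worked example (not taken from the guide), the following ASA configuration puts the two ideas above together: the interface ACL admits Telnet from the inside network to a DMZ server, the aaa authentication and authorization rules require AAA for those flows, and a MAC exemption bypasses both for IP phones. It reuses the AuthOutbound server-group name from the guide's own example; the ACL and mac-list names, IP addresses, MAC addresses and the TACACS+ key are constructed placeholders.

```cisco
! Interface ACL: every inside host may open Telnet to the DMZ server
! (192.0.2.10 is a constructed address).
access-list INSIDE_IN extended permit tcp 10.1.1.0 255.255.255.0 host 192.0.2.10 eq telnet
access-group INSIDE_IN in interface inside
!
! AAA server group (reuses the guide's AuthOutbound name; host and key are placeholders).
aaa-server AuthOutbound protocol tacacs+
aaa-server AuthOutbound (inside) host 10.1.1.250
 key REPLACE_WITH_SHARED_SECRET
!
! Traffic matching this ACL must authenticate (the ASA prompts on the
! Telnet connection) and be authorized by the AAA server before it is
! allowed through, even though the interface ACL already permits it.
access-list TELNET_AUTH extended permit tcp 10.1.1.0 255.255.255.0 host 192.0.2.10 eq telnet
aaa authentication match TELNET_AUTH inside AuthOutbound
aaa authorization match TELNET_AUTH inside AuthOutbound
!
! MAC exemption. Entries are evaluated in order and the first match wins,
! so a deny for one specific host is listed before the broader permit.
! A mask of ffff.ffff.ffff matches exactly one address; ffff.ff00.0000
! matches a vendor OUI. All MAC addresses here are constructed.
mac-list PHONES deny   0003.e3aa.bb01 ffff.ffff.ffff
mac-list PHONES permit 0003.e300.0000 ffff.ff00.0000
mac-list PHONES permit 00e0.1e11.2233 ffff.ffff.ffff
aaa mac-exempt match PHONES
```

The ASA can only match a mac-list entry for hosts whose MAC address it actually sees, that is, hosts on a directly connected segment; behind a router the source MAC is the router's. Because MAC addresses are easy to forge, keep the exempt list as narrow as the devices require rather than permitting whole OUIs by default.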