Cisco ASA for Nexus 1000V Series Switch Technical Manual

ASA 8.3 and Later: Radius Authorization (ACS 5.x)
for VPN Access Using Downloadable ACL with CLI
and ASDM Configuration Example
Document ID: 113449
Contents
Introduction
 Prerequisites
      Requirements
      Components Used
      Conventions
 Background Information
 Configure
      Network Diagram
Configure Remote Access VPN (IPsec)
      Configure the ASA with CLI
      Configure ACS for Downloadable ACL for Individual User
      Configure ACS for Downloadable ACL for Group
      Configure ACS for Downloadable ACL for a Network Device Group
      Configure IETF RADIUS Settings for a User Group
      Cisco VPN Client Configuration
 Verify
      Show Crypto Commands
      Downloadable ACL for User/Group
      Filter-Id ACL
 Troubleshoot
      Clear Security Associations
      Troubleshooting Commands
 Related Information
Introduction
This document describes how to configure the security appliance to authenticate users for network access.
Since you can implicitly enable RADIUS authorizations, this document contains no information about the
configuration of RADIUS authorization on the security appliance. It does provide information about how the
security appliance handles access list information received from RADIUS servers.
You can configure a RADIUS server to download an access list to the security appliance or an access list
name at the time of authentication. The user is authorized to do only what is permitted in the user-specific
access list.
Downloadable access lists are the most scalable means when you use Cisco Secure Access Control Server
(ACS) to provide the appropriate access lists for each user. For more information on Downloadable Access
List Features and the Cisco Secure ACS, refer to Configuring a RADIUS Server to Send Downloadable
Access Control Lists and Downloadable IP ACLs.
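The two delivery methods described above (an access list name versus a downloaded access list) can be told apart in the attributes of a RADIUS Access-Accept. The following is an added example, not code from the original document or from Cisco: it walks the attribute TLVs and reports which method the server used. The attribute numbers come from RFC 2865 and the cisco-av-pair prefixes from Cisco's documented AV-pair format, not from this page; the helper names and the sample ACL values are constructed for illustration.

```python
import struct

FILTER_ID = 11          # RFC 2865 Filter-Id: carries the *name* of an ACL
VENDOR_SPECIFIC = 26    # RFC 2865 Vendor-Specific container
CISCO_VENDOR_ID = 9     # Cisco's IANA enterprise number
CISCO_AVPAIR = 1        # cisco-av-pair sub-attribute
DACL_PREFIX = "ACS:CiscoSecure-Defined-ACL="   # reference to a downloadable ACL

def attr(code, value):
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([code, len(value) + 2]) + value

def cisco_avpair(text):
    """Wrap a cisco-av-pair string in a Vendor-Specific attribute."""
    data = text.encode()
    head = struct.pack("!IBB", CISCO_VENDOR_ID, CISCO_AVPAIR, len(data) + 2)
    return attr(VENDOR_SPECIFIC, head + data)

def classify_acl_attributes(blob):
    """Return (kind, value) pairs for every ACL-related attribute in blob."""
    found, pos = [], 0
    while pos < len(blob):
        if len(blob) - pos < 2:
            raise ValueError("truncated attribute header")
        code, length = blob[pos], blob[pos + 1]
        if length < 2 or pos + length > len(blob):
            raise ValueError("bad attribute length at offset %d" % pos)
        value = blob[pos + 2:pos + length]
        pos += length
        if code == FILTER_ID:
            found.append(("acl-name", value.decode(errors="replace")))
        elif code == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if vendor != CISCO_VENDOR_ID or vtype != CISCO_AVPAIR:
                continue  # another vendor's attribute, not ACL related
            text = value[6:4 + vlen].decode(errors="replace")
            if text.startswith(DACL_PREFIX):
                found.append(("downloadable-acl", text[len(DACL_PREFIX):]))
            elif text.startswith("ip:inacl#"):
                found.append(("acl-entry", text.partition("=")[2]))
    return found

# Constructed sample attributes (not captured traffic; names are placeholders).
SAMPLE = (
    attr(FILTER_ID, b"sample-acl")
    + cisco_avpair(DACL_PREFIX + "#ACSACL#-IP-Sample-DACL-0a1b2c3d")
    + cisco_avpair("ip:inacl#1=permit ip any host 10.1.1.2")
)
```

An `acl-name` result refers to an access list that must already exist on the security appliance, while `downloadable-acl` and `acl-entry` results carry the list content from the server.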
Refer to ASA/PIX 8.x: Radius Authorization (ACS) for Network Access using Downloadable ACL with CLI
and ASDM Configuration Example for the identical configuration on Cisco ASA with versions 8.2 and