Ali's Technology Blog
msgbartop
msgbarbottom

24 Aug 12 Cisco ASA Management Authentication via Microsoft RADIUS Server

Cisco ASA Management Authentication using Microsoft RADIUS (NPS – Network Policy Server 2008) Server

Previously I talked about how to setup Microsoft Network Policy Server 2008 so that you can use that to log into Cisco Switches and Routers. This post I am going to go over the steps I used to setup Cisco ASA 5520 with 8.4.3 code to authenticate against Microsoft Active Directory using Microsoft RADIUS Server (NPS – Network Policy Server 2008). There are slightly different steps.

  • From the Network Policy Server expand Policies and right click on Network Policies
  • You can choose and start creating a whole new policy and go through all the steps, but I chose to just clone the one I made for Cisco Switches and Routers
  • So if you want to clone it simply right click on the existing policy and choose Duplicate Policy
  • Once the policy is duplicated it will show up as disabled. Before you enable it you need to configure it. So here is how I updated it so that it can work with Cisco ASA 5520
  • Go to the Settings and change the Service-Type to Administrative from Login
  • Under Settings click on Vendor Specific and I removed what was in there as with Cisco ASA you can’t automatically get to the Exec Priv level
  • That was it I just moved the Cisco ASA policy above the one for the Cisco Switches and Routers, added the firewall under RADIUS Clients
  • Now here are the configuration lines I used on the Cisco ASA itself so that it can go talk to the RADIUS Server:

    aaa-server RADIUS protocol radius
    aaa-server RADIUS (inside) host X.X.X.X
    timeout 25
    key XXXXXXXXXXXXXXXX
    !
    aaa authentication http console RADIUS LOCAL
    aaa authentication ssh console RADIUS LOCAL
    aaa authentication enable console RADIUS LOCAL
    aaa authentication serial console RADIUS LOCAL
    aaa-server RADIUS max-failed-attempts 1
    aaa-server RADIUS deadtime 1
    aaa-server RADIUS host X.X.X.X timeout 1

Note:Use this as a reference point only. There are other configuration options available to tweak this according to your needs. Remember to always backup your work before you make any changes, always test configurations in the lab and never do anything that you can not undo 🙂

Tags: , , , , ,

Filed in Cisco, Cisco Security, Projects with 0 Comments
sidebartop

Keywords

sidebarbottom
sidebartop

Categories

sidebarbottom
sidebartop

Misc

sidebarbottom
sidebartop

Open Source

sidebarbottom
sidebartop

Tech Blogs

sidebarbottom
sidebartop

Tech Reference

sidebarbottom
sidebartop

Wireless

sidebarbottom
sidebartop

Meta

sidebarbottom
© Ali's Technology Blog / Design: Smashing Wordpress Themes
WordPress SEO