Corporate Headquarters



Download 2,05 Mb.
Pdf ko'rish
bet114/135
Sana21.04.2022
Hajmi2,05 Mb.
#569058
1   ...   110   111   112   113   114   115   116   117   ...   135
Bog'liq
vpn cg

Command
Purpose
Step 1
hq-sanjose(config)# 
aaa new-model
Enables the AAA functionality on the router.
Step 2
hq-sanjose(config)# 
aaa authentication login 
default
TACACS+ RADIUS
Defines the list of authentication methods at login.
Step 3
hq-sanjose(config)# 
aaa authorization 
auth-proxy default
[
method1
[
method2
...]]
Enables authentication proxy for AAA methods.
Step 4
hq-sanjose(config)#
 tacacs-server host
hostname
Specifies an AAA server. For RADIUS servers, use the 
radius 
server host
command.
Step 5
hq-sanjose(config)#
 tacacs-server key
sting
Sets the authentication and encryption key for communications 
between the router and the AAA server. For RADIUS servers 
use the 
radiusserverkey
command.

4-9
Cisco IOS VPN Configuration Guide
OL-8336-01
Chapter 4 Remote Access VPN Business Scenarios
Configuring Cisco IOS Firewall Authentication Proxy
In addition to configuring AAA on the firewall router, the authentication proxy requires a per-user access 
profile configuration on the AAA server. To support the authentication proxy, configure the AAA 
authorization service “auth-proxy” on the AAA server as outlined here:

Define a separate section of authorization for 
auth-proxy
to specify the downloadable user profiles. 
This does not interfere with other types of service, such as EXEC. The following example shows a 
user profile on a TACACS server:
default authorization = permit
key = cisco
user = newuser1 {
login = cleartext cisco
service = auth-proxy
{
priv-lvl=15
proxyacl#1="permit tcp any any eq 26"
proxyacl#2="permit icmp any host 60.0.0.2”
proxyacl#3="permit tcp any any eq ftp"
proxyacl#4="permit tcp any any eq ftp-data"
proxyacl#5="permit tcp any any eq smtp"
proxyacl#6="permit tcp any any eq telnet"

Download 2,05 Mb.

Do'stlaringiz bilan baham:
1   ...   110   111   112   113   114   115   116   117   ...   135



Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling
kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha

yuklab olish