osloboy
asked on
AAA Functionality for CISCO Devices
hi experts,
i got around 50 CISCO devices including Switches, Routers, IDS, IPS, CISCO WORKS.
want to achieve AAA.
what are possible solutions (FREE and Commercial) can be possible, i am already using LDAP for VPN users.
as i know TACACS + is cisco proprietary, what else is there
i got around 50 CISCO devices including Switches, Routers, IDS, IPS, CISCO WORKS.
want to achieve AAA.
what are possible solutions (FREE and Commercial) can be possible, i am already using LDAP for VPN users.
as i know TACACS + is cisco proprietary, what else is there
ASKER
erniebeek:
please give some more details as ENGLISH is mixed up
1) Kerberos and HTTP form (can only be used for VPN user aythentication)???? is it not recmonded or at all we can not use it
please give some more details as ENGLISH is mixed up
1) Kerberos and HTTP form (can only be used for VPN user aythentication)???? is it not recmonded or at all we can not use it
Not quite, did you have a look at the link I provided? It shows a nice overview.
HTTP form can only be used for VPN user authentication. so that is all you can use it for.
Kerberos can be use for authentication of VPN users, Firewall sessions and Administrators. But not for authorization or accounting.
HTTP form can only be used for VPN user authentication. so that is all you can use it for.
Kerberos can be use for authentication of VPN users, Firewall sessions and Administrators. But not for authorization or accounting.
ASKER
its clear, thanks
just a layman thought.
as TACACS+ is commercial, and in case of less $, what can be your Second best choice.
just a layman thought.
as TACACS+ is commercial, and in case of less $, what can be your Second best choice.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
great
You're welcome, glad I could help :)
Thx for the points.
Thx for the points.
Have a look at: http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/user/guide/aaasetup.html#wp1280273