ASA Authentication Proxy with ACS

Goal: all outbound telnet and HTTP connections passing through the ASA must first be authenticated against an ACS server using the TACACS+ protocol.

aaa-server ACS_SERVER protocol tacacs+
aaa-server ACS_SERVER (inside) host 1.2.3.4
    key myACSkey
!
access-list outbound_auth permit tcp any any eq 23
access-list outbound_auth permit tcp any any eq 80
!
aaa authentication match outbound_auth inside ACS_SERVER

There are additional options to configure HTTP vs. HTTPS and redirection vs. basic HTTP authentication. The documentation is a bit confusing, so I will be labbing this up shortly.

Posted in AAA, ASA, CCIE, CCIE Security.

No comments

By blanders – July 12, 2009

0 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

« ASA Enhanced Service Object Groups BGP Through an ASA with Authentication »

Cisco Catalyst 6500 Architecture White Paper
The official source for Cat6k architecture and design questions.
Notes on Cisco Catalyst 6500 architecture
High-level overview of the various backplane and fabric options in the Cat6k.
Extracting a 3DES key from an IBM 4758
Software-based attack for stealing the crypto keys from a tamper-resistant IBM crypto processor.
PowerCLI: Changing a VM IP Address with Invoke-VMScript
How to update the IP address of a Windows VM programatically using the PowerShell-based PowerCLI.
Auto-configure Linux vmware-tools at Boot time
Bash initscript to ensure your vmware tools get reconfigured when the kernel is upgraded. Could use a tweak to not run on a non-VM host.
Upgrade SQL Express to Standard or Enterprise
This will come in handy if you start out with vCenter running on the included SQL Express server and later outgrow it.
VMware Virtual Center Attributes – It’s all about the details
Covers a lesser-known but VERY useful feature in vCenter for adding metadata to virtual machines.
VMFS or NFS
Performance and other considerations when choosing a storage architecture for vSphere. Also touches on FC vs. iSCSI/NFS.
Designing Secure Multi-Tenancy into Virtualized Data Centers
Cisco Validated Design for the just-announced VMware/NetApp reference architecture.
Cisco Internal WAAS Implementation
High-level overview of Cisco IT's WAAS rollout to 200+ remote offices. The resulting CIFS optimization lead them to massivly consolidate file services to regional hubs.
The Great vSwitch Debate
Outstanding 8-part coverage of vSwitches and potential VMware network designs.
Cisco Data Center Interconnect Design and Implementation Guide
(PDF) Describes a portion of Cisco’s system for interconnecting multiple data centers for Layer 2-based business applications. Covers VSS and vPC.
Linux performance basics
Good, quick introduction to vmstat, iostat, and top for checking Linux performance stats.
vSphere 4.0 Hardening Guide Public Draft Released
Multi-PDF guide/checklist for securing vSphere in enterprise, DMZ, and special-access environments.
vSphere Host Died Abandon Ship!
Adding vSphere vCenter Alarms & Actions. How to automatically move your VMs off a dying host.

Proudly powered by WordPress and Carrington.

ASA Authentication Proxy with ACS

0 Responses

About Packetslave Industries

Archives

Meta

Delicious Bookmarks