Configuring AAA Authorization

You can restrict the type of operation users can perform or the network resources they can access by using the AAA authorization service. After AAA authorization is enabled and configured, user profiles are stored on the local database or in a remote security server. From information in these profiles, users' sessions are configured after they have been authenticated. AAA supports five different methods of authorization:
TACACS+: User profile information is stored on a remote security server that...

Step 1 Select the IKE and IPSec Parameters

The process for configuring a router for an IPSec VPN is not a difficult one. It is, however, a very complex process with multiple tasks and subtasks, and it requires significant attention to detail. The first task involves selecting the initial configuration parameters for the VPN connection and determining which configuration is most appropriate. If all of the configuration decisions are made before configuring either device, the risk of a configuration error on either peer can be greatly...

RADIUS Authentication, Authorization, and Accounting Example

Example 8-8 is a general configuration using RADIUS with the AAA command set. This configuration is shown in Figure 8-2.
Figure 8-2 General Configuration Using RADIUS
Example 8-8 Sample RADIUS Configuration
NAS(config)# radius-server host 192.168.100.15
NAS(config)# radius-server key ladyhawk
NAS(config)# username meron password k0nj0
NAS(config)# aaa authentication ppp test1 radius local
NAS(config)# aaa authorization network radius local
NAS(config)# ...

Implement the Cisco IOS Firewall IDS

Configuring the Cisco IOS firewall IDS as the border router for each location enables you to determine what type of traffic is attempting to access the network. Much of this information can be derived from the Cisco IOS firewall logs; however, the Cisco IOS firewall IDS generates specific alerts and can perform other actions to drop or reset the connection. It is important to establish a network baseline so that you can identify normal traffic and reduce the number of false positive alerts. For...

CiscoWorks 2000

CiscoWorks 2000 is a family of bundled advanced network management tools that can run on either a Windows platform or Sun Solaris. CiscoWorks is a client/server-based product that allows for easy access and management of Cisco AVVID architecture components. CiscoWorks 2000 provides the following network administration and management functionality:
Management and monitoring of Cisco PIX firewalls
Management and monitoring of CSIDSs
Management and monitoring of Cisco HIDS
A web-based interface for...

Initialize the Cisco IOS Firewall IDS on the Router

Initializing the Cisco IOS firewall IDS includes four subtasks needed to configure the Cisco IOS firewall IDS to respond to malicious traffic. The initialization tasks include configuring the notification type, configuring the Cisco IOS firewall IDS and central management post office parameters, defining the protected network, and configuring the router maximum queue for alarms. Each is discussed in more detail in the following sections. Use the ip audit notify command to configure the Cisco IOS...

Easy VPN Server Functionality

Easy VPN Server came about with Cisco IOS Software Release 12.2(8)T. It is the first Cisco IOS Software version to provide server support for Cisco VPN client 3.x and the Cisco VPN 3002 hardware clients. The Easy VPN Server manages all IPSec policies centrally and pushes the policy out to the client. This design minimizes the configuration required on the client end. The following functionality is integrated into Cisco IOS Software 12.2(8)T with Easy VPN:
Split tunneling control
Split...

Configuring AAA Authentication

Administrative and remote LAN network access to routers and network access servers can be secured using AAA. To configure AAA authentication, perform the following steps:
Step 1 Activate AAA by using the aaa new-model command.
Step 2 Create a list name or use default. A list name is alphanumeric and can have one to four authentication methods.
Step 3 Specify the authentication method lists for the aaa authentication command. You may specify up to four.
Step 4 Apply the method list to an...

Cisco ACS for UNIX

Cisco Secure ACS for UNIX incorporates a multiuser, web-based Java configuration and management tool that simplifies server administration. Security services can be managed by several system administrators located in multiple locations simultaneously. Cisco Secure ACS for UNIX supports Sybase and Oracle relational databases. The Cisco Secure ACS includes SQLAnywhere from Sybase. Although this version of the database does not have client/server support, it is optimized to perform the essential...

Configuring the Cisco Router for IPSec VPNs Using CA Support

To configure the router for IPSec VPNs using CA support, you must complete five tasks. Each task contains several subtasks. As always, the most important component is thorough planning and meticulous implementation. Because of the complexity of this process, any error can prevent the VPN from functioning properly. The five tasks are as follows:
1. Select the IKE and IPSec parameters.
2. Configure the router CA support.
3. Configure IKE using RSA signatures.
4. Configure IPSec using RSA...

Verifying the Cisco IOS Firewall IDS Configuration

It is important to ensure that your system is properly configured. You can use three commands to verify the configuration of the Cisco IOS firewall IDS:
show: The show command is entered in privileged EXEC mode and is used to see the current Cisco IOS firewall IDS configuration. Table 16-4 lists the show commands with a brief description of each. This command displays the number of packets audited and the number of alarms sent. These numbers can be reset using the clear ip audit statistics...