Create authproxy Service in the Cisco Secure ACS

[Figure: Cisco Secure ACS, Interface Configuration window, TACACS+ Services section with the New Services box. Callout: Enter the new service: auth-proxy.]
© 2007 Cisco Systems, Inc. All rights reserved. SNRS v2.0—5-7

To support the Cisco IOS Firewall authentication proxy, configure the AAA authorization auth-proxy service on the Cisco Secure ACS for Windows AAA server. This action creates a new section in the Group Setup window in which user profiles can be created. It does not interfere with other types of services that the AAA server may have.

This lesson uses the Cisco Secure ACS for Windows (using the TACACS+ protocol) as an example of how to configure the AAA server.

Complete the following steps to add authorization rules for specific services in the Cisco Secure ACS for Windows:

Step 1 In the menu bar, click Interface Configuration. The Interface Configuration window opens.

Step 2 Click TACACS+ (Cisco IOS).

Step 3 Scroll down in the TACACS+ Services window until you find the New Services group box.

5-140 Securing Networks with Cisco Routers and Switches (SNRS) v2.0 © 2007 Cisco Systems, Inc.

Step 4 Check the check box closest to the service field.

Note Depending on which options your Cisco Secure ACS is running, there may be one or two check boxes in front of the service fields. The presence of two check boxes indicates support for both user and group settings. Making check box selections simply indicates where the configuration of this feature can be performed; in other words, it can be done at the group or user level or at both levels. If there is only one check box, check it (as shown in the figure).

Step 5 Enter auth-proxy in the first empty Service field next to the check box that you just checked and click Submit. For HTTP or HTTPS authentication, the corresponding Protocol field should be empty. For FTP and Telnet authentication, enter ip in the Protocol field.

Step 6 Scroll down to Advanced Configuration Options and check the Advanced TACACS+ Features check box, if it is not already checked.

Step 7 Click Submit when finished.

© 2007 Cisco Systems, Inc. Adaptive Threat Defense 5-141
