--- Sjoerd Hooft's InFormation Technology ---

ciscoaaaasa
Differences

This shows you the differences between two versions of the page.

ciscoaaaasa [2013/04/23 20:34] (current)
sjoerd created
Line 1: Line 1:
 += Cisco ASA Firewall Authentication =
  
 +This is a page with information about cisco authentication on an ASA firewall, and it is an addon to the [[ciscoradiusad2008]] article.
 +
 +All commands assume you've already logged on to the switch with privilege level 15 access and are already in config mode (conf t).
 +
 +== Basic Cisco Configuration ==
 +
 +To successfully configure the firewall start with the administration of the switch, so configure the hostname, domain name and the nameserver:
 +<​code>​
 +hostname firewall
 +ip domain-name company.local
 +ip name-server 10.10.10.53
 +</​code>​
 +
 += Local User =
 +
 +Create a local user with privilege 15. This user will be the fallback when RADIUS authentication fails. (Minimum of 4 characters needed as username)
 +<​code>​
 +username ict_bhr priv 15 password <​password>​
 +</​code>​
 +
 +== Authentication Configuration ==
 +
 +Configure AAA security services (authentication,​ authorization,​ and accounting) on the switch to support the RADIUS security protocol
 +
 +Configure the authentication methods
 +<​code>​
 +aaa-server Cisco protocol radius
 +(config-aaa-server-group)#​ aaa-server Cisco (management) host 10.10.10.100
 +(config-aaa-server-host)#​ key <​password>​
 +(config-aaa-server-host)#​ radius-common-pw <​password>​
 +aaa authentication enable console Cisco LOCAL
 +aaa authentication http console Cisco LOCAL
 +aaa authentication ssh console Cisco LOCAL
 +aaa authorization command LOCAL
 +</​code>​
 +
 +== Authentication Prompt and Banners ==
 +
 +Set a banner stating that all actions, logins etc. will be logged, There are different banners :
 +
 +<​code>​
 +banner exec ***************************************************************************
 +banner exec NOTICE TO USERS
 +banner exec This computer system is the private property of getshifting.com,​ whether
 +banner exec individual, corporate or government. It is for authorized use only.
 +banner exec Users (authorized or unauthorized) have no explicit or implicit
 +banner exec expectation of privacy.
 +banner exec Any or all uses of this system and all files on this system may be
 +banner exec intercepted,​ monitored, recorded, copied, audited, inspected, and
 +banner exec disclosed to your employer, to authorized site, government, and law
 +banner exec enforcement personnel, as well as authorized officials of government
 +banner exec agencies, both domestic and foreign.
 +banner exec By using this system, the user consents to such interception,​ monitoring,
 +banner exec recording, copying, auditing, inspection, and disclosure at the
 +banner exec discretion of such personnel or officials. Unauthorized or improper use
 +banner exec of this system may result in civil and criminal penalties and
 +banner exec administrative or disciplinary action, as appropriate. By continuing to
 +banner exec use this system you indicate your awareness of and consent to these terms
 +banner exec and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
 +banner exec conditions stated in this warning.
 +banner exec ****************************************************************************
 +</​code>​
 +
 +<​code>​
 +banner login ***************************************************************************
 +banner login NOTICE TO USERS
 +banner login This computer system is the private property of getshifting.com,​ whether
 +banner login individual, corporate or government. It is for authorized use only.
 +banner login Users (authorized or unauthorized) have no explicit or implicit
 +banner login expectation of privacy.
 +banner login Any or all uses of this system and all files on this system may be
 +banner login intercepted,​ monitored, recorded, copied, audited, inspected, and
 +banner login disclosed to your employer, to authorized site, government, and law
 +banner login enforcement personnel, as well as authorized officials of government
 +banner login agencies, both domestic and foreign.
 +banner login By using this system, the user consents to such interception,​ monitoring,
 +banner login recording, copying, auditing, inspection, and disclosure at the
 +banner login discretion of such personnel or officials. Unauthorized or improper use
 +banner login of this system may result in civil and criminal penalties and
 +banner login administrative or disciplinary action, as appropriate. By continuing to
 +banner login use this system you indicate your awareness of and consent to these terms
 +banner login and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
 +banner login conditions stated in this warning.
 +banner login ****************************************************************************
 +</​code>​
 +
 +<​code>​
 +banner asdm ***************************************************************************
 +banner asdm NOTICE TO USERS
 +banner asdm This computer system is the private property of getshifting.com,​ whether
 +banner asdm individual, corporate or government. It is for authorized use only.
 +banner asdm Users (authorized or unauthorized) have no explicit or implicit
 +banner asdm expectation of privacy.
 +banner asdm Any or all uses of this system and all files on this system may be
 +banner asdm intercepted,​ monitored, recorded, copied, audited, inspected, and
 +banner asdm disclosed to your employer, to authorized site, government, and law
 +banner asdm enforcement personnel, as well as authorized officials of government
 +banner asdm agencies, both domestic and foreign.
 +banner asdm By using this system, the user consents to such interception,​ monitoring,
 +banner asdm recording, copying, auditing, inspection, and disclosure at the
 +banner asdm discretion of such personnel or officials. Unauthorized or improper use
 +banner asdm of this system may result in civil and criminal penalties and
 +banner asdm administrative or disciplinary action, as appropriate. By continuing to
 +banner asdm use this system you indicate your awareness of and consent to these terms
 +banner asdm and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
 +banner asdm conditions stated in this warning.
 +banner asdm ****************************************************************************
 +</​code>​
 +
 +<​code>​
 +auth-prompt prompt Please enter your network credentials.
 +auth-prompt accept Access Granted
 +auth-prompt reject REJECTED - User and/or Password
 +</​code>​
 +
 += Check and Close =
 +Now check the configuration,​ and only write the configuration to the cisco device if you can login successfully and everything is correct. To do so:
 +<​code>​
 +write
 +exit
 +</​code>​
 +
 +{{tag>​network security cisco}}
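Review bot: The LOCAL fallback in the three "aaa authentication ... console Cisco LOCAL" lines of the Authentication Configuration block only takes effect when every server in group Cisco is unreachable; an Access-Reject from a reachable RADIUS server is final, so a RADIUS server that answers but has the wrong user mapping locks SSH, HTTP/ASDM and enable out without ever falling back to ict_bhr. Before the Check and Close step, verify the server group with "test aaa-server authentication Cisco host 10.10.10.100 username <user> password <password>" and log in from a second session while the current one stays open; only then issue "write" and "exit". Two syntax points in the same hunk: the Basic Cisco Configuration block uses IOS forms ("ip domain-name", "ip name-server"), whereas the ASA commands are "domain-name company.local" and "dns server-group DefaultDNS" followed by "name-server 10.10.10.53"; and the ASA documents the local user with the privilege after the password ("username ict_bhr password <password> privilege 15"), so confirm the order used here is accepted before relying on this account as the fallback. Finally, the prose calls the device a "switch" four times although the heading and the rest of the page describe an ASA firewall; use "firewall" throughout.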
ciscoaaaasa.txt · Last modified: 2013/04/23 20:34 by sjoerd