which purpose is the Cisco ASA CLI command aaa authentication match used?

For which purpose is the Cisco ASA CLI command aaa authentication match used?

For which purpose is the Cisco ASA CLI command aaa authentication match used?

A.
Enable authentication for SSH and Telnet connections to the Cisco ASA appliance.

B.
Enable authentication for console connections to the Cisco ASA appliance.

C.
Enable authentication for connections through the Cisco ASA appliance.

D.
Enable authentication for IPsec VPN connections to the Cisco ASA appliance.

E.
Enable authentication for SSL VPN connections to the Cisco ASA appliance.

F.
Enable authentication for Cisco ASDM connections to the Cisco ASA appliance.

Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/access_fwaaa.html
Or
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080ba6110.shtml
To enable network access authentication, perform the following steps:
Step 1 Using the aaa-server command, identify your AAA servers. If you have already identified
your AAA servers, continue to the next step.
Step 2 Using the access-list command, create an access list that identifies the source addresses
and destination addresses of traffic you want to authenticate.
The permit ACEs mark matching traffic for authentication, while deny entries exclude matching
traffic from authentication. Be sure to include the destination ports for either HTTP, HTTPS,
Telnet, or FTP in the access list because the user must authenticate with one of these services
before other services are allowed through the ASA.
Step 3 To configure authentication, enter the following command:
hostname(config)# aaa authentication match acl_name interface_name server_group
Where acl_name is the name of the access list you created; interface_name is the name of the
interface as specified with the nameif command, and server_group is the AAA server group you
created.
The following commands authenticate Telnet traffic from the outside interface to a particular server
(209.165.201.5):
hostname(config)# aaa-server AuthInbound protocol tacacs+
hostname(config-aaa-server-group)# exit
hostname(config)# aaa-server AuthInbound (inside) host 10.1.1.1
hostname(config-aaa-server-host)# key TACPlusUauthKey
hostname(config-aaa-server-host)# exit
hostname(config)# access-list TELNET_AUTH extended permit tcp any host
209.165.201.5 eq telnet

Show Hint

Leave a Reply 0

Your email address will not be published. Required fields are marked *