Using AAA for X-Auth in ISAKMP

The PIX configuration in this section shows you how AAA is used to provide extended authentication (x-auth) for VPN users connecting to the PIX using IPsec.

Example 19-3 shows a case with two users, and Example 19-4 shows the TACACS+ profiles for these two users. For UserA, AAA provides only a username and password for authentication. For UserB, AAA provides both authentication (a username and password) and authorization. Authorization takes the form of access list 110, which is applied to UserB after that user has connected to the PIX.

See Part IV, “Virtual Private Networks,” and Chapter 8, “PIX Firewall,” for details on the non-AAA commands in this configuration.
