1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

Presentation transcript:


2 Network Security 1, Module 6 – Configure Trust and Identity at Layer 3

3 Learning Objectives: 6.1 Cisco IOS Firewall Authentication Proxy; 6.2 Introduction to PIX Security Appliance AAA Features; 6.3 Configure AAA on the PIX Security Appliance

4 Module 6 – Configure Trust and Identity at Layer 3: 6.1 Cisco IOS Firewall Authentication Proxy

5 What Is the Authentication Proxy?

6 Using the Authentication Proxy

7 Supported AAA Servers

8 Authentication Proxy Configuration

9 Create auth-proxy Service in the Cisco Secure ACS. Enter the new service: auth-proxy.

10 Enable AAA

11 Specify Authentication Protocols

12 Specify Authorization Protocols
Syntax: Router(config)# aaa authorization auth-proxy default method1 [method2]
  Use the auth-proxy keyword to enable authorization proxy for AAA methods
  Methods: TACACS+, RADIUS, or both
Example:
Router(config)# aaa authorization auth-proxy default group tacacs+

13 Define a TACACS+ Server and Its Key
Syntax: Router(config)# tacacs-server host ip_addr
  Specifies the TACACS+ server IP address
Syntax: Router(config)# tacacs-server key string
  Specifies the TACACS+ server key
Example:
Router(config)# tacacs-server host
Router(config)# tacacs-server key secretkey

14 Define a RADIUS Server and Its Key
Syntax: Router(config)# radius-server host ip_addr
  Specifies the RADIUS server IP address
Syntax: Router(config)# radius-server key string
  Specifies the RADIUS server key
Example:
Router(config)# radius-server host
Router(config)# radius-server key secretkey

15 Allow AAA Traffic to the Router

16 Enable the Router HTTP or HTTPS Server

17 Set Global Timers

18 Define and Apply Authentication Proxy Rules

19 Authentication Proxy Rules with ACLs

20 Test and verify authentication proxy

21 Module 6 – Configure Trust and Identity at Layer 3: 6.2 Introduction to PIX Security Appliance AAA Features

22 Types of Authentication

23 Types of Authorization

24 Types of Accounting

25 AAA Server Support

26 Module 6 – Configure Trust and Identity at Layer 3: 6.3 Configure AAA on the PIX Security Appliance

27 Types of Access Authentication

28 Authentication Configuration Steps

29 Specify an AAA server group

30 Designate an Authentication server

31 Authentication of console access

32 Add Users to the Local User Database

33 Maximum failed attempts

34 Authentication Prompts

35 Authentication Timeouts

36 Cut-Through Proxy

37 Authentication of Non-Telnet, FTP, or HTTP Traffic

38 Virtual Telnet

39 Virtual HTTP

40 Tunnel User Authentication

41 User Authorization

42 TACACS+ Authorization configuration

43 Enable Authorization match

44 Authorization of Non-Telnet, FTP, HTTP, or HTTPS Traffic

45 Downloadable ACLs

46 Using Downloadable ACLs

47 Enable Accounting Match

48 Enable Accounting Include, Exclude

49 Admin Accounting

50 Command Accounting

51 Troubleshooting AAA Configuration – Show uauth

52 show aaa-server

53 Troubleshooting Downloaded ACLs
