TABLE OF CONTENTS Managing one or two PIX firewalls is not very difficult. If the number of firewalls increases or configurations become more complex, management becomes more of a challenge. Authentication can become a huge challenge as you may end up spending much time setting new passwords because someone left a position, or a new person is hired, or you mistyped that password for the furthermost firewall on your network. Nobody needs headaches like this so Cisco has thoughtfully provided a method to simplify the management of passwords and permissions while allowing you to do the management securely. Welcome to the world of AAA, or authentication, authorization, and accounting. Many engineers and admins shudder when they read or hear AAA. There are justifiable horror stories floating around about wide scale lockouts due to misconfigurations. But, with planning and a solid understanding of AAA basics and its implementation steps, the task becomes management. This chapter will provide you with a solid ground in AAA on the Cisco PIX firewall.
Along with everything else that you have read about so far, Cisco PIX 7.0 has changed how AAA is configured. There are parameter changes for the following functions:
VPN Remote Access users (IPSec, L2TP over IPsec)
Cut-through authentication proxies for FTP, Telnet, HTTP, and HTTPS
Device management
And these commands will be affected by the new changes in the 7.0 code when you upgrade from 6.3 to 7.0:
aaa-server
aaa-server radius-acctport
aaa-server radius-authport
auth-prompt
floodguard
There are new...
