无忧网客联盟 professional discussion: network technology, CCNA CCNP CCIE CCSP
Article reposted from http://bbs.net527.cn (无忧网客联盟)

AAA Authentication on a PIX with Cisco ACS 4.1

Jun 07, 2016 pm 03:03 PM

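[Detailed procedure]
Requirement: hosts on the outside network need to Telnet to a router on the inside network, with authentication performed by ACS.

The PIX configuration is as follows: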
interface Ethernet0
nameif inside
security-level 100
ip address 172.16.16.1 255.255.255.0
!
interface Ethernet1
nameif outside
security-level 0
ip address 192.1.1.1 255.255.255.0

access-list 101 extended permit tcp any host 172.16.16.2 eq telnet
access-list outacl extended permit icmp any any
access-list outacl extended permit tcp any host 172.16.16.2 eq 23

aaa-server acs protocol tacacs+
aaa-server acs host 192.168.1.101
key cisco123
aaa authentication match 101 outside acs

telnet 192.168.1.0 255.255.255.0 inside
telnet 192.1.1.0 255.255.255.0 outside

To use virtual Telnet, add the following commands:
static (inside,outside) 172.16.16.101 172.16.16.101 netmask 255.255.255.255
virtual telnet 172.16.16.101
aaa authentication match 102 outside acs
access-list 102 extended permit tcp any host 172.16.16.101 eq telnet

Output after Telnetting to the inside router (ccie115 is the user defined on ACS; 192.1.1.2 is the outside address):
pixfirewall(config)# sh uau
                          Current    Most Seen
Authenticated Users       1          1
Authen In Progress        0          1
user 'ccie115' at 192.1.1.2, authenticated (idle for 0:00:01)
     absolute   timeout: 0:05:00
     inactivity timeout: 0:00:00

Output when using virtual Telnet:
wan#telnet 172.16.16.101
Trying 172.16.16.101 ... Open

LOGIN Authentication

Username: ccie115

Password:


Authentication Successful


[Connection to 172.16.16.101 closed by foreign host]
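Once authentication succeeds, the virtual Telnet session is closed.

In this example:
Remove the command access-list outacl extended permit tcp any host 172.16.16.2 eq 23
Add access-list 101 extended permit tcp any host 172.16.16.2 eq 23
The idea: the outside is not allowed to Telnet directly to the inside. ACL 101 is referenced by AAA, so Telnet to the inside is possible only after authentication.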
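
The idea above can be checked against a saved configuration. The following Python sketch is an added example, not part of the original article: it resolves each aaa authentication match line to the traffic it covers and lists Telnet permits that no AAA match ACL covers. The 172.16.16.3 entry is a constructed addition for illustration, and the parser assumes only the line forms used in the configuration above.

```python
import re

# Constructed sample: ACL and AAA lines from the configuration above, plus one
# hypothetical extra permit (172.16.16.3) that no AAA match ACL covers.
SAMPLE_CONFIG = """\
access-list 101 extended permit tcp any host 172.16.16.2 eq telnet
access-list outacl extended permit icmp any any
access-list outacl extended permit tcp any host 172.16.16.2 eq 23
access-list outacl extended permit tcp any host 172.16.16.3 eq 23
aaa-server acs protocol tacacs+
aaa-server acs host 192.168.1.101
aaa authentication match 101 outside acs
"""

PORT_NAMES = {"telnet": "23"}  # the config uses both the keyword and the number
ACE = re.compile(r"^access-list (\S+) extended permit tcp any host (\S+) eq (\S+)$")
AAA_MATCH = re.compile(r"^aaa authentication match (\S+) (\S+) (\S+)$")
AAA_PROTO = re.compile(r"^aaa-server (\S+) protocol (\S+)$")

def parse(config):
    """Return (acls, matches, protocols); other line types are ignored."""
    acls, matches, protocols = {}, [], {}
    for line in map(str.strip, config.splitlines()):
        if m := ACE.match(line):
            name, host, port = m.groups()
            acls.setdefault(name, set()).add((host, PORT_NAMES.get(port, port)))
        elif m := AAA_MATCH.match(line):
            matches.append(m.groups())  # (acl, interface, server group)
        elif m := AAA_PROTO.match(line):
            protocols[m.group(1)] = m.group(2)
    return acls, matches, protocols

def authenticated_flows(config):
    """(interface, host, port, server group, protocol) for traffic that triggers AAA."""
    acls, matches, protocols = parse(config)
    return sorted((iface, host, port, group, protocols.get(group, "unknown"))
                  for acl, iface, group in matches
                  for host, port in acls.get(acl, ()))

def unauthenticated_telnet(config):
    """Telnet permits in non-AAA ACLs whose target no AAA match ACL covers."""
    acls, matches, _ = parse(config)
    aaa_acls = {acl for acl, _, _ in matches}
    covered = set().union(*(acls.get(a, set()) for a in aaa_acls))
    return sorted((name, host) for name, entries in acls.items()
                  if name not in aaa_acls
                  for host, port in entries
                  if port == "23" and (host, port) not in covered)
```
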
