Cisco CCNA (640-553) Security Training
Using the “aaa authentication” Command (WebVPN)
By Charles Ross CCNA - CCNP #CSCO10444244
In today’s article, I’m going to talk about the “aaa authentication” command being used in webvpn context configuration mode.
When network administrators (like you) use the “aaa authentication” command in webvpn context configuration mode, they are configuring Authentication, Authorization, and Accounting (AAA) authentication for Secure Socket Layer (SSL) Virtual Private Network (VPN) sessions.
In other words, when a network administrator uses the “aaa authentication” command in webvpn context configuration mode, he or she is most likely configuring either an authentication list or server group for an SSL VPN context configuration.
Below are the syntax and an example of the command:
Syntax: aaa authentication {domain name | list name}
Example:
Router(config)#aaa new-model
Router(config)#aaa group server radius myServer
Router(config-sg-radius)#server 11.1.1.20 auth-port 1645 acct-port 1646
Router(config-sg-radius)#exit
Router(config)#aaa authentication login default local group myServer
Router(config)#radius-server host 11.1.1.0 auth-port 1645 acct-port 1646
Router(config)#webvpn context context1
Router(config-webvpn-context)#aaa authentication list myServer
Router(config-webvpn-context)#exit
Notice that when using the command, a network administrator can use either the “domain” keyword or the “list” keyword.
When he or she uses the “domain” keyword with the command (aaa authentication domain), he or she is configuring authentication for a specific domain. And when a network administrator uses the “list” keyword with the command (aaa authentication list), he or she is configuring authentication for a specific list or server group.
In the example above, the “myServer” RADIUS server group is being configured for authentication for the SSL VPN context configuration named “context1”.
If you need to remove the AAA configuration from the SSL VPN context configuration, just type the word “no” in front of the command, as shown below:
Router(config-webvpn-context)#no aaa authentication list myServer
Remember, in order to use the “aaa authentication” command in webvpn context configuration mode, your router(s) must be running Cisco IOS 12.4(6)T or higher.
I hope this article was very informative and helped you quickly understand the usage of the aaa authentication (WebVPN) command. If you need to learn more, I suggest you visit my website (www.ccnaittechtips.com), where you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.
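To review this binding across a saved configuration, here is an added example (not part of the original article and not a Cisco tool). The Python script parses a running-config, lists each webvpn context with its “list” and “domain” settings, and flags a list name that is not defined as a login method list or server group in the same file. The sample config and the names context2, context3, vpnUsers and example.com are constructed for illustration.

```python
import re
# Constructed sample running-config (not from a real device). context1 mirrors the
# article's example; context2, context3, vpnUsers and example.com are made up.
SAMPLE_CONFIG = """\
aaa new-model
aaa group server radius myServer
 server 11.1.1.20 auth-port 1645 acct-port 1646
aaa authentication login default local group myServer
!
webvpn context context1
 aaa authentication list myServer
!
webvpn context context2
 aaa authentication list vpnUsers
!
webvpn context context3
 aaa authentication domain example.com
!
"""

TOP_LEVEL = re.compile(r"aaa authentication login (\S+)|aaa group server \S+ (\S+)")
CONTEXT = re.compile(r"webvpn context (\S+)")
BINDING = re.compile(r"\s+aaa authentication (domain|list) (\S+)")

def audit_webvpn_aaa(config_text):
    """Map each webvpn context to its AAA binding and a finding string."""
    defined = set()    # login method lists and AAA server groups defined globally
    contexts = {}      # context name -> {"list": ..., "domain": ...}
    current = None
    for line in config_text.splitlines():
        if not line.startswith(" "):           # unindented line leaves the sub-mode
            current = None
            if m := TOP_LEVEL.match(line):
                defined.add(m.group(1) or m.group(2))
            elif m := CONTEXT.match(line):
                current = m.group(1)
                contexts[current] = {"list": None, "domain": None}
        elif current and (m := BINDING.match(line)):
            contexts[current][m.group(1)] = m.group(2)
    for ctx in contexts.values():
        if ctx["list"] is None:
            ctx["finding"] = "no explicit list"
        else:
            ctx["finding"] = "ok" if ctx["list"] in defined else "list name not defined"
    return contexts

if __name__ == "__main__":
    for name, ctx in audit_webvpn_aaa(SAMPLE_CONFIG).items():
        print(f"{name}: list={ctx['list']} domain={ctx['domain']} -> {ctx['finding']}")
```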
To your success,
Charles Ross