In earlier chapters, you learned how to plan for and configure the various authentication mechanisms available on the Adaptive Security Appliance (ASA) to allow remote users access into your environment. Now that you have given them access, you need to control and account for it.
The information in this chapter will enable you to prepare for the deployment of an advanced authorization scheme for your remote users, allowing you to control the level of access granted to them based on such information as their internal department, username, IP address, and so on, using the familiar local group policies that are configured on the ASA device. This chapter also introduces you to remote group policies, their configuration on the ASA, and their remote server requirements.
After the various ways to authorize remote users into your environment have been explored, the discussion moves on to review the accounting methods available on the ASA device that enable you to track the success or failure of specific authorization settings and connections.
“Do I Know This Already?” Quiz
The “Do I Know This Already?” quiz helps you determine your level of knowledge on this chapter’s topics before you begin. Table 17-1 details the major topics discussed in this chapter and their corresponding quiz sections.
Table 17-1 “Do I Know This Already?” Section-to-Question Mapping
| Foundation Topics Section | Questions |
| --- | --- |
| Configuring Local and Remote Group Policies | 1, 2, 3, 4 |
| Accounting methods for Operational Information | 5, 6, 7 |
1. Which of the following are available group policy types on the ASA? (Choose all that apply.)
   - Internal
   - External
   - Active
   - Standby
2. Which of the following are legitimate ways to assign a group policy? (Choose all that apply.)
   - DAP
   - Direct user assignment
   - Connection profile
   - AAA
3. In what format are the attributes stored in an external group policy?
   - Text files
   - A/V pairs
   - CSV files
   - XML files
4. Which of the following remote user types are external group policy objects available on? (Choose all that apply.)
   - LDAP
   - TACACS+
   - SDI
   - RADIUS
5. By default, where is ASA syslog information stored?
   - External syslog server
   - Internal syslog server
   - NetFlow collection service
   - ASA internal buffer
6. When configuring an AAA server on the ASA, which communication protocol, when configured, allows for secure (SSL/TLS) communication between the AAA server and the ASA?
   - UDP
   - SCEP
   - SMTP
   - TCP
7. Which of the following are available actions used for NetFlow flow information creation? (Choose all that apply.)
   - Created
   - Denied
   - Torn down
   - Dropped