Cisco validating identity error

TACACS uses port 49 for communication and allows vendors to use either User Datagram Protocol (UDP) or TCP encoding. Cisco ASA uses the TCP version for its TACACS implementation. (RADIUS authentication attributes are defined in RFC 2865.) Figure 6-1 illustrates how this process works.

The Cisco ASA authenticates itself to the RADIUS server by using a preconfigured shared secret.

For security reasons, this shared secret is never sent over the network.

The following subsections introduce each of the authentication protocols and servers that Cisco ASA supports.

RADIUS is a widely implemented authentication standard protocol that is defined in RFC 2865, "Remote Authentication Dial-In User Service (RADIUS)." RADIUS operates in a client/server model.

A RADIUS client is usually referred to as a

The RADIUS server receives user authentication requests and subsequently returns the configuration information required for the client (in this case, the Cisco ASA) to support the specific service to the user.

The RADIUS server does this by sending Internet Engineering Task Force (IETF) or vendor-specific attributes. The server ultimately sends any of the following messages back to the NAS:

After the authentication process is complete, if authorization is required the TACACS server proceeds with the authorization phase. The user must first be successfully authenticated before proceeding to TACACS authorization.

The following services are included within its modular architectural framework:

Cisco ASA can be configured to maintain a local user database or to use an external server for authentication. The following are the AAA authentication underlying protocols and servers that are supported as external database repositories:

Using an external authentication server in medium and large deployments is recommended, for better scalability and easier management.

It sends the authentication request from the Cisco ASA to RADIUS Server 2 and proxies the response back to the ASA.
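To make concrete how the preconfigured shared secret authenticates the ASA to the RADIUS server without ever being sent over the network, here is an added example (not code from the page's source or from Cisco) that implements the RFC 2865 User-Password hiding and Response Authenticator check; the secret, username, password and Request Authenticator values are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

# RFC 2865 packet codes and attribute types used in this constructed example.
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def _xor_chain(data: bytes, secret: bytes, request_auth: bytes, decrypt: bool) -> bytes:
    # RFC 2865 s5.2: each 16-byte block is XORed with MD5(secret + previous
    # ciphertext block); the Request Authenticator seeds the first block.
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        chunk = data[i:i + 16]
        block = bytes(x ^ y for x, y in zip(chunk, hashlib.md5(secret + prev).digest()))
        out += block
        prev = chunk if decrypt else block  # always chain on the ciphertext block
    return out


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    if not 1 <= len(password) <= 128:
        raise ValueError("RFC 2865 limits User-Password to 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)  # null-pad to a 16-byte multiple
    return _xor_chain(padded, secret, request_auth, decrypt=False)


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    return _xor_chain(hidden, secret, request_auth, decrypt=True).rstrip(b"\x00")


def _attr(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value  # Type, Length, Value


def build_access_request(identifier, username, password, secret, request_auth=None):
    # NAS side: the secret only shapes the hidden password; it never appears on the wire.
    request_auth = os.urandom(16) if request_auth is None else request_auth
    attrs = _attr(ATTR_USER_NAME, username) + _attr(
        ATTR_USER_PASSWORD, hide_password(password, secret, request_auth))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + request_auth + attrs


def build_response(code, identifier, attrs, request_auth, secret):
    # Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret).
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs


def verify_response(packet, request_auth, secret) -> bool:
    # NAS side: recompute the authenticator; a wrong secret or a tampered body fails.
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = build_response(packet[0], packet[1], packet[20:], request_auth, secret)
    return hmac.compare_digest(packet[4:20], expected[4:20])
```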
