help setting up AAA

[geeksquad]

hi guys, i just got a pix 501 and i need some help in setting up the aaa.
Basically the setup would be : internet---(x.x.x.x)pix(192.168.10.1)---cisco acs(192.168.10.2).

i just want to setup the aaa for ssh to go to acs first for usename/pass and local if the tacacs is not available

i found some docs online but when i tried i nearly locked myself out ,not even console access, luckly i didnt save the config so i powercycled it and got back to the old config.

Any ideas?
much appreciated

krik

 

[Supergrrover]

here is a good guide

http://www.cisco.com/en/US/products...s_configuration_example09186a00807349e7.shtml

but basically you want

domain-name [your.domain]
hostname [pix-hostname]
ca gen rsa key 1024
ca save all
(this creates the rsa key for ssh to work)

aaa-server [ServerGroupName] protocol [radius/tacacs+]
aaa-server [ServerGroupName] host [ACS IP] [authkey]
ssh [source network IP] [subnetmask] [interface - inside/outside]
ssh timeout 60
aaa authen ssh console [ServerGroupName] LOCAL





Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[geeksquad]

works perfect!!!

Thanks Brent!