User's Manual
Table Of Contents
- Getting Started
- Wizards
- Using the Startup Wizard
- Using the Wireless Wizard to Configure the Wireless Settings for ISA550W and ISA570W
- Using the DMZ Wizard to Configure the DMZ Settings
- Using the Dual WAN Wizard to Configure the WAN Redundancy Settings
- Using the Site-to-Site Wizard to Establish the Site-to-Site VPN Tunnels
- Using the Remote Access Wizard to Establish the IPSec VPN Tunnels or SSL VPN Tunnels for Remote Access
- Status
- Networking
- Configuring IP Routing Mode
- Port Management
- Configuring the WAN
- Configuring the WAN Redundancy
- Configuring the VLAN
- Configuring the DMZ
- Configuring the Zones
- Configuring the Routing
- Dynamic DNS
- IGMP
- VRRP
- Configuring the Quality of Service
- Address Management
- Service Management
- Wireless Configuration for ISA550W and ISA570W
- Firewall
- Configuring the Firewall Access Rules to Control Inbound and Outbound Traffic
- Configuring the Firewall Schedule
- Firewall Access Rule Configuration Examples
- Configuring the NAT Rules to Securely Access a Remote Network
- Configuring the Session Settings
- Configuring the Content Filtering to Control Access to Internet
- Configuring the MAC Filtering to Permit or Block Traffic
- Configuring the IP/MAC Binding to Prevent Spoofing
- Configuring the Attack Protection
- Configuring the Application Level Gateway
- Security Services
- VPN
- About VPN
- Configuring the Cisco IPSec VPN Server
- Configuring the Cisco IPSec VPN Client
- Configuring the Site-to-Site VPN
- Configuring the SSL VPN
- Elements of the SSL VPN
- Configuration Tasks to Establish a SSL VPN Tunnel
- Installing the Cisco AnyConnect VPN Client on User’s PC
- Importing the Certificates for User Authentication
- Configuring the SSL VPN Users
- Configuring the SSL VPN Gateway
- Configuring the SSL VPN Group Policies
- Configuring the SSL VPN Portal
- Configuring the L2TP Server
- Configuring the VPN Passthrough
- Viewing the VPN Status
- User Management
- Device Management
- Remote Management
- Administration
- SNMP
- Configuration Management
- Firmware Management
- Log Management
- Managing the Security License
- Managing the Certificates for Authentication
- Configuring the Email Alert Settings
- Configuring the RADIUS Servers
- Configuring the Time Zone
- Device Discovery
- Diagnosing the Device
- Measuring and Limiting Traffic with the Traffic Meter
- Configuring the ViewMaster
- Configuring the CCO Account
- Configuring the Device Properties
- Configuring the Debug Settings
- Troubleshooting
- Technical Specifications and Environmental Requirements
- Factory Default Settings
- Where to Go From Here
User Management
Configuring the User Authentication Settings
Cisco ISA500 Series Integrated Security Appliance Administrator Guide 282
9
• Defualt User Group to Which all RADIUS Users Belong: If the group of a
RADIUS user does not exist in the local database, you can set the RADIUS
user to a specific local user group. Choose a local user group as the default
local group to which the RADIUS user belongs.
STEP 6 In the Test tab, enter the user and password credentials in the User and
Password fields to test the configured RADIUS settings. Click the Test button to
verify whether the RADIUS user is valid
STEP 7 Click OK to save your settings.
STEP 8 Click Save to apply your settings.
Using Local Database and RADIUS Server for Authentication
You can use both the local database and RADIUS server to authenticate the users
who try to access the network.
When you use both the local database and RADIUS server for authentication, the
security appliance first verifies the user name and password information of the
users through the RADIUS server. The RADIUS server returns the authentication
result to the security appliance. For a valid RADIUS user, the security appliance
checks its user group service policy from the local database and allows the user
to access the network. For an invalid RADIUS user, then the security appliance
uses the local database to verify the user. For a valid local user, the security
appliance checks its user group service policy from the local database and allows
the user to access the network. For an invalid local user, the security appliance
denies the user to access the network.
STEP 1 Click Users -> Settings.
The User Settings window opens.
STEP 2 In the User Login Settings area, choose RADIUS + Local Database as the
authentication method from the Authentication Method drop-down list .
STEP 3 Click Configure to configure the RADIUS settings for user authentication.
The RADIUS Settings window opens. To configure the RADIUS server settings for
user authentication, see Using RADIUS Server for Authentication, page 279.
STEP 4 Click Save to apply your settings.