CHAPTER
8-1
Cisco ASA Series Firewall ASDM Configuration Guide
8
Configuring AAA Rules for Network Access
This chapter describes how to enable AAA (pronounced “triple A”) for network access.
For information about AAA for management access, see the “Configuring AAA for System
Administrators” section on page 45-12 in the general operations configuration guide.
This chapter includes the following sections:
• AAA Performance, page 8-1
• Licensing Requirements for AAA Rules, page 8-1
• Guidelines and Limitations, page 8-2
• Configuring Authentication for Network Access, page 8-2
• Configuring Authorization for Network Access, page 8-12
• Configuring Accounting for Network Access, page 8-17
• Using MAC Addresses to Exempt Traffic from Authentication and Authorization, page 8-19
• Feature History for AAA Rules, page 8-20
AAA Performance
The ASA uses “cut-through proxy” to significantly improve performance compared to a traditional
proxy server. The performance of a traditional proxy server suffers because it analyzes every packet at
the application layer of the OSI model. The ASA cut-through proxy challenges a user initially at the
application layer and then authenticates with standard AAA servers or the local database. After the ASA
authenticates the user, it shifts the session flow, and all traffic flows directly and quickly between the
source and destination while maintaining session state information.
Licensing Requirements for AAA Rules
The following table shows the licensing requirements for this feature:
Model License Requirement
All models Base License.