Posts Tagged ‘aaa’


Another new update is now available for the CCIE Security Advanced Technologies Class. This update adds an additional 15 hours of videos to the series, which includes the rest of IPsec, IPS, and AAA. All Access Pass subscribers and customers who purchased download access can login to the INE members site to see the new additions.  This brings the series up to about 40 hours of videos, which will be further increased with some minor updates I’ll be adding over the next few weeks. If there is a specific topic which is missing that you’d like to see feel free to comment here, or email me at

The outline for the series is now as follows:

  • Introduction – 0h 37m
  • CCIE Security Preparation Resources – 0h 50m
  • ASA Overview – 0h 37m
  • Basic ASA Initialization – 1h 02m
  • ASA Routing – 0h 37m
  • ASA Reliable Static Routing – 0h 20m
  • ASA Access Control Lists (ACLs) – 0h 41m
  • Continue Reading

Tags: , , , ,


In this blog post we are going to review and compare the ways in which IOS and ASA Easy VPN servers perform ezVPN attribute authorization via RADIUS. The information on these procedure is scattered among the documentation and technology examples, so I thought it would be helpful to put the things together.

To begin with, let’s establish some sort of equivalence between the IOS and ASA terminology. Even though ASA inherited most of it’s VPN configuration concepts from the VPN3000 platform it is still possible to find similarities between the IOS and the ASA configurations. Recall that IOS ezVPN configuration defines local ezVPN group policy by means of the crypto isakmp client configuration group command. This could be viewed as a rough equivalent to the ASA’s group-policy type internal command, though the ASA’s command scope is much broader. IOS ISAKMP profiles could be viewed as an equivalent to the ASA’s tunnel-group command defining a connection profile.

Continue Reading

Tags: , , , , ,


IOS Local AAA is one feature that is often overlooked for some reason. It allows turning your router into almost full-functional AAA server, allowing not only local authentication of remote VPN users but also local authorization for protocols like PPP (used with PPTP/PPPoE or dialup) or IKE (used with ezVPN). Best of all, you can use per-user attribute lists with PPP (alas, it does not seem to work with IKE). With per-user attribute-lists you can apply specific configuration policy with maximum granularity. First, here is the link from Cisco’s documentation site, just for your information:


Next, the syntax for using per-user AAA is relatively straightforward. First, you create an AAA attribute list using the command aaa attribute list:

Continue Reading

Tags: , , ,


CCIE Bloggers