User Management
Configuring User Authentication Settings
Cisco ISA500 Series Integrated Security Appliances Administration Guide 394
Using Local Database for User Authentication
Use the local database to authenticate users when fewer than 100 users access
the network.
The local database verifies the user’s credentials. Only valid local users are
allowed to access the network. For information on configuring local users in the
local database, see Configuring Local Users, page 390.
STEP 1 Click Users > User Authentication.
STEP 2 Choose Local Database as the authentication method.
STEP 3 Click Save to apply your settings.
Using RADIUS Server for User Authentication
The security appliance can use RADIUS servers for user authentication for
network access. The RADIUS server uses the Framed-Filter-ID attribute to store
user and user group information, and checks the user’s credentials by using the
Password Authentication Protocol (PAP) authentication scheme.
When a user authenticates, the security appliance verifies the user’s credentials
through the RADIUS server. The RADIUS server returns the authentication results
to the security appliance. For a valid RADIUS user, the security appliance looks up
that user’s user group service policy in the local database and permits access. For an
invalid RADIUS user, the security appliance blocks access.
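The following added example (not from this guide or the appliance software) shows what PAP over RADIUS means on the wire per RFC 2865: the User-Password is hidden only by an MD5 keystream derived from the shared secret, and group information arrives as a reply attribute. The secret, password and group name are constructed, and treating the guide's Framed-Filter-ID as the standard Filter-Id attribute (type 11) is an assumption.

```python
import hashlib

FILTER_ID = 11  # RFC 2865 Filter-Id; assumed to be the guide's Framed-Filter-ID


def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side (RFC 2865 s5.2): XOR 16-byte blocks with an MD5 keystream."""
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("password must be 1-128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev  # each ciphertext block seeds the next keystream block
    return out


def pap_reveal(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: recover the password with the same shared secret."""
    if not hidden or len(hidden) % 16 or len(hidden) > 128:
        raise ValueError("User-Password must be 16-128 bytes, multiple of 16")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")  # padding is NUL bytes


def parse_attributes(data: bytes) -> dict:
    """Walk type-length-value attributes, rejecting malformed lengths."""
    attrs, pos = {}, 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("bad attribute length")
        attrs.setdefault(atype, []).append(data[pos + 2:pos + alen])
        pos += alen
    return attrs


# Constructed sample values, not taken from any real deployment.
SECRET, AUTH = b"constructed-shared-secret", bytes(range(16))
hidden = pap_hide(b"correct horse battery", SECRET, AUTH)
reply_attrs = bytes([FILTER_ID, 2 + 11]) + b"engineering"
print(pap_reveal(hidden, SECRET, AUTH), parse_attributes(reply_attrs)[FILTER_ID])
```

Because the password's confidentiality rests entirely on the shared secret, use a long random secret unique to each appliance and keep RADIUS traffic on a trusted management network.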
STEP 1 Click Users > User Authentication.
STEP 2 Choose RADIUS as the authentication method.
STEP 3 Click Configure to configure the RADIUS settings.
STEP 4 In the Settings tab, choose the RADIUS group for authentication and configure the
global timeout and retry settings.
• Global RADIUS Settings: Specify the global timeout and retry settings for
the selected RADIUS servers:
- RADIUS Server Timeout: Enter the number of seconds that the
connection can exist before re-authentication is required. The range is
1-60 seconds. The default value is 3 seconds.