Trouble with AAA authorization

branfarm1
Level 4

Hi there. I'm trying to set up AAA on an ASA 5510. I've got an ISA server set up and AAA authentication is working properly. Is there any way to have the ASA recognize a username and assign an appropriate privilege level? As far as I can tell, it gives you level 15 once you authenticate properly.

If ISA can't do this, what's the recommended path to accomplish this, keeping in mind that I can't afford the Cisco ACS software.

Thanks in advance!

2 Replies

htarra
Level 4

Ah, I guess you're using a named authorization method rather than the default one, which is why it needs applying to the VTY lines. The default method would apply to all lines where not already configured.

Try this:

ROUTER#config t

Enter configuration commands, one per line. End with CNTL/Z.

ROUTER(config)#line vty 0 4

ROUTER(config-line)#privilege level 15

ROUTER(config-line)#end

ROUTER#

http://cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml#intro

Thanks for the response. It looks like your code example is for a router... I'm looking for some assistance with a PIX/ASA. I tried adding the command "aaa authorization include telnet inside x.x.x.x x.x.x.x" and it returned "Authorization is not supported in RADIUS."

Does anyone have an easy-to-use/easy-to-implement TACACS server that is not thousands of dollars?
