ASA authentication proxy using ACS for authorization

Unanswered Question
Apr 21st, 2008

Hi,

I configured the ASA as an authentication proxy, so any user who wants to telnet using port 3001 or port 23 should first authenticate to the virtual telnet address, and then ACS will authorize the user:

aaa authentication include telnet 0 0 10.1.1.1 TAC

aaa authorization include telnet inside 0 0 TAC

aaa authorization include tcp/3000 inside 0 0 TAC

virtual telnet 10.1.1.1

I configured the ACS as follows:

enable shell with privilege 15

permit command telnet (permit any arguments)

permit command 6/3001 (permit any arguments).

So I am authenticated with virtual telnet and can telnet only with port 23 but not with port 3001. I double-checked my configuration a lot and didn't find any mistake. According to Cisco documentation I should add command 6/3001 (6 is the TCP protocol number), but it is not working for me. So please advise!


rkalia1 Tue, 04/22/2008 - 05:20

Try putting fixup protocol telnet 3001
