I configured the ASA as an authentication proxy. So any user who wants to telnet using port 3001 or port 23 should first authenticate to the virtual telnet address, and then ACS will authorize the user:
aaa authentication include telnet 0 0 10.1.1.1 TAC
aaa authorization include telnet inside 0 0 TAC
aaa authorization include tcp/3000 inside 0 0 TAC
virtual telnet 10.1.1.1
I configured the ACS as follows:
enable shell with privilege 15
permit command telnet (permit any arguments)
permit command 6/3001 (permit any arguments).
So I am authenticated with virtual telnet and can telnet only with port 23 but not with port 3001. I double-checked my configuration a lot and didn't find any mistake. According to Cisco documentation I should add command 6/3001 (6 is the TCP protocol number), but it is not working for me. So please advise!!!
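
Added example, not part of the original post: a Python cross-check of the services named in the ASA's `aaa authorization include` rules against the commands permitted on the ACS, using the naming the post describes (telnet by name, TCP ports as 6/<port>). The function names and the two inline inputs are constructed for illustration, and the mapping rule is an assumption taken from the post.

```python
import re

# Constructed input: the ASA rules and ACS permits from the post, retyped.
ASA_CONFIG = """\
aaa authentication include telnet 0 0 10.1.1.1 TAC
aaa authorization include telnet inside 0 0 TAC
aaa authorization include tcp/3000 inside 0 0 TAC
virtual telnet 10.1.1.1
"""
ACS_PERMITTED = ["telnet", "6/3001"]

# Only authorization rules are sent to the ACS as "commands" to permit.
RULE = re.compile(r"^aaa authorization include (\S+)\s", re.M)
IP_PROTO = {"tcp": 6, "udp": 17}  # IANA protocol numbers


def asa_services(config):
    """Service tokens named by 'aaa authorization include' lines."""
    return RULE.findall(config)


def to_acs_command(service):
    """Assumed mapping, following the post: 'telnet' stays a name,
    'tcp/<port>' becomes '<protocol number>/<port>'."""
    if "/" not in service:
        return service
    proto, port = service.split("/", 1)
    return f"{IP_PROTO[proto.lower()]}/{port}"


def cross_check(config, permitted):
    """Return (ASA rules with no ACS permit, ACS permits with no ASA rule)."""
    expected = {to_acs_command(s) for s in asa_services(config)}
    allowed = set(permitted)
    return sorted(expected - allowed), sorted(allowed - expected)


if __name__ == "__main__":
    missing_on_acs, unused_on_acs = cross_check(ASA_CONFIG, ACS_PERMITTED)
    print("ASA rules without an ACS permit:", missing_on_acs)
    print("ACS permits without an ASA rule:", unused_on_acs)
```

Any entry in either list marks a port that is named on one device but not the other, which is worth reconciling before testing the proxy again.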