cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1919
Views
4
Helpful
4
Replies

Changing per-user idle and absolute timeouts using TACACS+.

andrea.meconi
Level 2
Level 2

I'm using Cisco Secure ACS 4.0 to authenticate outgoing http sessions on PIX running 6.3(5).

Now I need to change the absolute timeout per user using TACACS+.

Thanks for help.

Regards.

Andrea

4 Replies 4

Jatin Katyal
Cisco Employee
Cisco Employee

Hi Andrea,

The PIX timeout uauth command controls how often re-authentication is required. If TACACS+ authentication/authorization is on, this is controlled on a peruser basis.

To configure timeout and idle timeout on the ACS Server using TACACS+, follow these steps:

Step 1. On CS ACS GUI, from left Menu navigation, click on Group Setup, choose the Group, and click on Edit.

Step 2. On the Group Configuration page, select TACACS+ from the Jump To drop-down menu.

Step 3. Check the Shell (Exec) box.

Step 4. Check Idle time and enter a value of 2.

Step 5. Check the Timeout box and enter a value of 1.

Step 6. Click the Submit+Restart button.

Note: You must have the authorization turned on for timeout and idle timeout to work properly.

HTH

JK

Plz rate helpful posts-

~Jatin

Good! Your answer confirms my ACS setup. Now the real question is "must have authorization with TACACS".

Thanks.

Andrea

Hi Andrea,

Here is the answer:

Cut-through Proxy for Network Access using TACACS+ and RADIUS Server Configuration Example

Configure TACACS+ Authorization

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml#configure-tacacs

HTH

JK

Plz rate helpful posts-

~Jatin

Thanks.

Also I need to set a Per Group Command Authorization: permit the http command or permit unmatched Cisco IOS commands.

See attachment please.

Regards.

Andrea

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: