01-20-2010 05:07 AM - edited 03-11-2019 09:59 AM
Hi everybody.
I'm runnig ASA with TACACS console authentication in order to have authentication/authorization on console access (telnet/SSH) via AAA but I need to exclude a particular SSH host from the authentication process. It seems that the include/exclude or match commands applies only to the traffic going trought the ASA but not to the traffic going "to" the ASA, as console access traffic should be. I've done some testing, playing around include/exclude without success, of course
Can someone give a clue about?
Solved! Go to Solution.
01-20-2010 05:23 AM
I believe you are correct. There is no way to just exclude one IP from being exempted from AAA authentication when managing the device via ssh while allowing the rest to authenticate via TACACS.
-KS
01-20-2010 05:23 AM
I believe you are correct. There is no way to just exclude one IP from being exempted from AAA authentication when managing the device via ssh while allowing the rest to authenticate via TACACS.
-KS
01-29-2010 12:53 AM
Thank you for your reply.
I've tried some other solutions but without success. Too bad, I've to move somewhere else
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: