Solved: Exclude an SSH admin host from AAA authentication

ifallani · ‎01-20-2010

Hi everybody.

I'm runnig ASA with TACACS console authentication in order to have authentication/authorization on console access (telnet/SSH) via AAA but I need to exclude a particular SSH host from the authentication process. It seems that the include/exclude or match commands applies only to the traffic going trought the ASA but not to the traffic going "to" the ASA, as console access traffic should be. I've done some testing, playing around include/exclude without success, of course

Can someone give a clue about?

Kureli Sankar · ‎01-20-2010

I believe you are correct. There is no way to just exclude one IP from being exempted from AAA authentication when managing the device via ssh while allowing the rest to authenticate via TACACS.

-KS

View solution in original post

Kureli Sankar · ‎01-20-2010

I believe you are correct. There is no way to just exclude one IP from being exempted from AAA authentication when managing the device via ssh while allowing the rest to authenticate via TACACS.

-KS

ifallani · ‎01-29-2010

Thank you for your reply.

I've tried some other solutions but without success. Too bad, I've to move somewhere else