I have a PIX running 6.3(5) and ACS 3.3 and I'm trying to configure AAA Authorization on the PIX. I followed the docs on Cisco; however, I can't get anything to work. AAA authentication is already working so I know that end is OK. What I want to do is allow a certain ACS group to be able to log in to the firewall (level 1 only) and have the ability to do a show run. Do I need to change the privilege of show run to level 1?
Thanks for the screenshots! I set the users to level 15 but I get the same results. I have a ShowRun group that allows the following: show permit run, exit, and quit, and Denying not matching. I have a second group FullControl that permits any unmatched. Assigned level 15 to both groups and set each group to the appropriate shell command group. The weird thing is with my test login (in the ShowRun group) I can do show ?, but that's it. If I log in with my ID (FullControl) I can only do the exact same thing, show ?. I must be missing something (easy I'm sure).