ACS TACACS+ Authorization for ASA Cut Through Proxy
Who knows how to configure a user profile for ACS to authorize a user for ASA cut-through proxy? RADIUS is simple, but TACACS+ is very uncommon and not outlined in any document or configuration example.
Re: ACS TACACS+ Authorization for ASA Cut Through Proxy
Actually, the device is working the way it should. It's just that we need to understand what we have requested the device to do for cut-through traffic.
When we use the command,
We are instructing the device to authenticate the user before we could actually let the end user send the traffic (cut through).
Everything is fine at this end.
When we also tell,
Now we have instructed the device: okay, it's good that the user has come past the level of authentication, but I need more security, and that authenticated user should only be able to do what they are permitted to. If that individual tries to access something that's not permitted on their profile, stop them right there.
So in our case, that is what's happening.
Though the user is authenticated, if they now try to browse something, they are trying to do http and the IP address.
So we need to permit that too, else they will be denied access.
In case you do not want such a thing to occur, you can simply remove the "aaa authorization.." that you have.