Cisco Support Community
New Member

ASA authentication proxy using ACS for authorization

Hi,

I configured the ASA as an authentication proxy. So any user who wants to telnet using port 3001 or port 23 should first authenticate to the virtual telnet address, and then ACS will authorize the user:

aaa authentication include telnet 0 0 10.1.1.1 TAC

aaa authorization include telnet inside 0 0 TAC

aaa authorization include tcp/3000 inside 0 0 TAC

virtual telnet 10.1.1.1

I configured the ACS as follows:

enable shell with privilege 15

permit command telnet (permit any arguments)

permit command 6/3001 (permit any arguments).

So I am authenticated with virtual telnet and can telnet only on port 23 but not on port 3001. I double-checked my configuration a lot and didn't find any mistake. According to Cisco documentation I should add command 6/3001 (6 is the TCP protocol number), but it is not working for me. So please advise!!!

1 REPLY
New Member

Re: ASA authentication proxy using ACS for authorization

Try putting fixup protocol telnet 3001
