
ASA authentication proxy using ACS for authorization

abdullah-asi
Level 1

Hi,

I configured the ASA as an authentication proxy. So any user who wants to telnet using port 3001 or port 23 should first authenticate to the virtual telnet address, and then ACS will authorize the user:

aaa authentication include telnet 0 0 10.1.1.1 TAC

aaa authorization include telnet inside 0 0 TAC

aaa authorization include tcp/3000 inside 0 0 TAC

virtual telnet 10.1.1.1

I configured the ACS as follows:

enable shell with privilege 15

permit command telnet (permit any arguments)

permit command 6/3001 (permit any arguments).

So I am authenticated with virtual telnet and can telnet only with port 23 but not with port 3001. I double-checked my configuration many times and didn't find any mistake. According to Cisco documentation I should add command 6/3001 (6 is the TCP protocol number), but it is not working for me. So please advise!

1 Reply

rkalia1
Level 1

Try putting fixup protocol telnet 3001
