01-20-2010 05:07 AM - edited 03-11-2019 09:59 AM
Hi everybody.
I'm runnig ASA with TACACS console authentication in order to have authentication/authorization on console access (telnet/SSH) via AAA but I need to exclude a particular SSH host from the authentication process. It seems that the include/exclude or match commands applies only to the traffic going trought the ASA but not to the traffic going "to" the ASA, as console access traffic should be. I've done some testing, playing around include/exclude without success, of course
Can someone give a clue about?
Solved! Go to Solution.
01-20-2010 05:23 AM
I believe you are correct. There is no way to just exclude one IP from being exempted from AAA authentication when managing the device via ssh while allowing the rest to authenticate via TACACS.
-KS
01-20-2010 05:23 AM
I believe you are correct. There is no way to just exclude one IP from being exempted from AAA authentication when managing the device via ssh while allowing the rest to authenticate via TACACS.
-KS
01-29-2010 12:53 AM
Thank you for your reply.
I've tried some other solutions but without success. Too bad, I've to move somewhere else
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide