PIX 7.0 and per user VPN ACL through tacacs+

Hi

With the 6.3 version of PIX OS I was able to pass an access-list number to a VPN user through AAA (specifying it under service=shell in CiscoSecure ACS used with TACACS+).

I upgraded to 7.0 and now, when I authenticate to the ACS through TACACS+, the session no longer requests service=shell from the ACS server.

Is there still a way to pass at least a per-user ACL number to the PIX through TACACS+ in 7.0?

I really need this feature.

Thanks in advance

Roberto

2 REPLIES
Re: PIX 7.0 and per user VPN ACL through tacacs+

Looks like you are hitting the bug CSCsb36525.

Re: PIX 7.0 and per user VPN ACL through tacacs+

Don't think so. I used TACACS to authenticate to the server and don't download the ACL to the PIX through TACACS; I instead specify an ACL number in the Service=Shell ACLNumber of the CiscoSecure TACACS+ service shell section.

Anyway, I converted to RADIUS and everything works fine now.
