Hi all I am trying to configure cut-through proxy for any traffic (authentication and authorization).
access-list mine permit ip any any aaa authentication match mine inside mine aaa authorization match mine inside mine Under "shell authorization > Per user command authorization" of User setup in ACS, I have permitted the command "1/8". 1 is ICMP protocol number and 8 is type. Unmatched Cisco IOS commands is "deny" Unlisted arguments is "permit" This should allow ping from inside to outside. The ping fails and the reason in the reports and activites mentions that command "1/8" is denied. First, I used a telnet session to ensure that there is "uauth" for device from where I am going to ping because ping can't be authenticated. Has any tried this? With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
