For inbound authentication through the ASA, I can make it work by matching an ACL to the outside IP like this.

*access-list Inbound_Auth_ACL extended permit tcp any host 192.1.24.15 eq telnet*
*aaa authentication match Inbound_Auth_ACL outside AuthInbound*
static (inside,outside) 192.1.24.15 10.2.2.5 netmask 255.255.255.255
access-list OUTSIDE_IN extended permit tcp host 192.1.24.4 host 192.1.24.15 eq telnet

However, if I set up a specific auth include, I have to use the inside address to make it work:

*aaa authentication include telnet outside 10.2.2.5 255.255.255.255 0 0 AuthInbound*
static (inside,outside) 192.1.24.15 10.2.2.5 netmask 255.255.255.255
access-list OUTSIDE_IN extended permit tcp host 192.1.24.4 host 192.1.24.15 eq telnet

I'm trying to figure out the order of operation and why each method acts differently. Any suggestions?

Thanks,
Brian
