Dears,
I have a PIX (IOS 7.2(3)) on GNS3, and I configured cut-through proxy.
It has worked fine (successful authentication), but the source address
(136.1.23.10) can access (ping) the destination
(10.0.0.10) before I authenticate and also after.
Note: there are no hits on the icmp line of the ACL vtel; all hits are on the outside ACL.
The configuration:
virtual telnet 136.1.23.100
static (inside,outside) 136.1.23.100 136.1.23.100 netmask 255.255.255.255
aaa-server ACS protocol radius
aaa-server ACS host 10.0.0.100
aaa authentication match vtel outside ACS
aaa authentication telnet console ACS
access-list outside extended permit tcp any host 136.1.23.100
access-list outside extended permit icmp host 136.1.23.10 host 10.0.0.100
access-list outside extended deny ip any any
access-list vtel extended permit icmp host 136.1.23.10 host 10.0.0.10
access-list vtel extended permit tcp any host 136.1.23.100 eq telnet
Regards
Mohammad Hassan