Hi all When the ASA cut-through proxy is configured for authorization, I observed with wireshark that initially the ASA sends authorization request for shell=exec attribute and then sends the authorization request for service using command/argument. This is the same as it happens with IOS command authorization.
If I don't enable shell=exec in the Tacacs user profile, I get a fail response. Even, if the ASA gets the failed response, it sends authorization requests for commands. I am trying with 8.0(5). May be shell-exec needs to enabled with later images. So, has anyone observed that the ASA mandates for shell-exec to be enabled for successful ctp authorization? With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
