Hi all,

In ACS, at Interface Configuration > TACACS+ (Cisco IOS), you have an option to enable "PIX Shell (pixshell)". In ACS 4.1, this seems to be a dummy and doesn't have a purpose. Given below are the issues I observed.

ASA Shell Access
================

I am not able to log in to the ASA using TACACS authentication when the user account is enabled with "PIX Shell (pixshell)". Only if "Shell (exec)" is enabled am I able to log in to the ASA. (Note: you will be able to log in only to user exec mode. It is a known issue that we can't log in to privilege exec directly, even with priv 15 (TACACS) or administrative (RADIUS).) But the "Shell (exec)" is meant for IOS, not ASA.

ASA Cut Through Proxy
=====================

Under *"PIX/ASA Command Authorization Set"* of the user account, you will be able to select the "PIX/ASA Command Authorization Set". This doesn't work for ASA Cut Through Proxy authorization. Even if you use an authorization set under *"Shell Command Authorization Set"* of Shell, there are inconsistencies. Only "Per User Command Authorization" of the *"Shell Command Authorization Set"* works without any issues.

With regards,
Kings
