Folks, ASA Cut Through Proxy is a very important topic for the exam. Has anyone used *"PIX/ASA Command Authorization Set"*? In most docs, I see *"Shell Command Authorization Set"* only used for ASA CTP.
Any thoughts?

With regards
Kings

On Fri, Aug 5, 2011 at 4:54 PM, Kingsley Charles <[email protected]> wrote:

> Hi all
>
> In ACS @ Interface Configuration > TACACS+ (Cisco IOS), you have an option
> to enable "PIX Shell (pixshell)". In ACS 4.1, this seems to be a dummy and
> doesn't have a purpose.
> Given below are the issues I observed.
>
>
> ASA Shell Access
> ==============
>
> I am not able to log in to the ASA using TACACS authentication when the user
> account is enabled with "PIX Shell (pixshell)". Only if "Shell (exec)" is
> enabled, I am able to log in to the ASA. (Note - You will be able to log in only
> to user exec mode. It is a known issue that we can't log in to privilege
> exec directly even with priv 15 (tacacs) or administrative (radius)).
>
>
> But the "Shell (exec)" is meant for IOS, not ASA.
>
>
> ASA Cut Through Proxy
> =================
>
> Under *"PIX/ASA Command Authorization Set"* of the user account, you will
> be able to select the "PIX/ASA Command Authorization Set". This doesn't work
> for ASA Cut Through Proxy authorization.
> Even if you use an authorization set under *"Shell Command Authorization
> Set"* of Shell, there are inconsistencies.
>
> Only "Per User Command Authorization" of the *"Shell Command Authorization
> Set"* works without any issues.
>
>
> With regards
> Kings
>
