This works for PIX OS version which uses "pixshell" instead of "shell" service type. This was sometimes before PIX 6.3 and ASA 7. I don;t recall exact version but it does not matter now.
Regards, Piotr 2011/8/7 Kingsley Charles <[email protected]> > Folks, > > ASA Cut though proxy is a very important topic for the exam. Has anyone > used *"PIX/ASA Command Authorization Set*"? In most docs, I see "*Shell > Command Authorization Set" *only used for ASA CTP. > > Any thoughts? > > With regards > Kings > > > On Fri, Aug 5, 2011 at 4:54 PM, Kingsley Charles < > [email protected]> wrote: > >> Hi all >> >> In ACS @ Interface Configuration > TACACS+ (Cisco IOS), you have an option >> to enable "PIX Shell (pixshell)". In ACS 4.1, this seems to be a dummy and >> doesn't have a purpose. >> Given below are the issues I observed >> >> >> ASA Shell Access >> ============== >> >> I am not able to login in the ASA using TACACS authentication when the >> user account is enabled with "PIX Shell (pixshell)". Only, if "Shell (exec)" >> is enabled, I am able to login into ASA. (Note - You will be able login only >> into user exec mode. It is known issue that we can't login into privilege >> exec directly even with priv 15 (tacacs) or administrative (radius)). >> >> >> But the "Shell (exec)" is meant for IOS not ASA. >> >> >> ASA Cut Through Proxy >> ================= >> >> Under *"PIX/ASA Command Authorization Set*" of the user account, you will >> be able to select the "PIX/ASA Command Authorization Set". This doesn't work >> for ASA Cut Through Proxy authorization. >> Even, if you use a authorization set under "*Shell Command Authorization >> Set"* of Shell, there are inconsistencies. >> >> Only "Per User Command Authorization" of the "*Shell Command >> Authorization Set"* works without any issues. >> >> >> With regards >> Kings >> > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
