Yes, and if you deny all no one will be able to access the server. I think there are some problems with the DOC CD. Also, one thing to note is that we should be very good with ASA topics, as the ASA Documentation CD is not as good as IOS.

From: [email protected]
To: [email protected]; [email protected]
CC: [email protected]
Subject: RE: [OSL | CCIE_Security] ACL and auth-proxy
Date: Thu, 9 Feb 2012 14:54:40 +0000

The question is why in some examples for auth proxy we use an access-list to deny any any from access to http server.

Date: Thu, 9 Feb 2012 18:37:54 +0530
From: [email protected]
To: [email protected]
CC: [email protected]
Subject: Re: [OSL | CCIE_Security] ACL and auth-proxy

You need to apply the access-list to the interface.

With regards
Kings

On Thu, Feb 9, 2012 at 6:35 PM, HA Ali <[email protected]> wrote:

Kings: Even when there is no access-group defined on the interface, as explained in the doc CD? (following is the copy and paste from it)

Date: Thu, 9 Feb 2012 18:32:59 +0530
Subject: Re: [OSL | CCIE_Security] ACL and auth-proxy
From: [email protected]
To: [email protected]
CC: [email protected]

sh access-list should show them.

With regards
Kings

On Thu, Feb 9, 2012 at 5:29 PM, HA Ali <[email protected]> wrote:

While doing debugs I get the following messages:

*Mar 1 00:40:26.271: TAC+: Received Attribute "priv-lvl=15"
*Mar 1 00:40:26.271: TAC+: Received Attribute "proxyacl#1=permit tcp any any eq 80"
*Mar 1 00:40:26.275: TAC+: Received Attribute "proxyacl#2=permit icmp any any"
*Mar 1 00:40:26.275: AAA/AUTHOR (1909359833): Post authorization status = PASS_ADD

and on the client end I see authentication successful. But on the router, when I do show ip access-list or show access-list, I don't see any ACL. I remember in ASA the command was show uauth to check that. Is there any different command to check these dynamic ACLs? I can't remember at the moment. On IOS, when I do show ip auth-proxy cache, I can see the client IP address and username.

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
