Guys, Any idea why this is not working?
aaa authentication login default group tacacs+ aaa authentication login CONSOLE none aaa authorization exec default group tacacs+ aaa authorization auth-proxy default group tacacs+ ip auth-proxy auth-proxy-banner telnet ^C TELNET AUTH ^C ip auth-proxy name AP telnet inactivity-time 60 list auth_proxy interface FastEthernet0/0 ip address 192.168.1.89 255.255.255.0 ip access-group inbound in ip auth-proxy AP ip access-list extended auth_proxy permit tcp any host 150.7.7.2 eq telnet ip access-list extended inbound deny tcp any host 150.7.7.2 eq telnet permit ip any any tacacs-server host 192.168.1.2 tacacs-server directed-request tacacs-server key CISCO On ACS: Router is added as a client with the correct pre-shared key and IP. User created on ACS "authuser" with the password of cisco. auth-proxy attributes under "authuser" profile: priv-lvl=15 proxyacl#1=permit tcp any host 150.7.7.2 eq 23 Test from router: RouterD#test aaa group tacacs authuser cisco leg Attempting authentication test to server-group tacacs+ using tacacs+ User was successfully authenticated. Test from PC: TELNET AUTH Username:authuser Password: Firewall authentication Failed.Please Retry Username: ACS LOG: Message-type: AUTHOR FAILED Author Failure-code: SERVICE DENIED Author-Data: service=auth-proxy protocol= IP Thanks
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
