Hi, I have the following cut-trough proxy config on an ASA.
aaa authentication match trigger dmz TACACS access-list trigger extended permit tcp any any eq 2001 access-list trigger extended permit tcp any host 10.0.0.200 eq www access-list trigger extended permit tcp any host 10.0.0.201 eq telnet virtual http 10.0.0.200 virtual telnet 10.0.0.201 For some reason the virtual IPs don't accept connections. Here is the log I get on the ASA: %ASA-2-106001: Inbound TCP connection denied from 10.0.0.100/3088 to 10.0.0.201/23 flags SYN on interface dmz %ASA-2-106001: Inbound TCP connection denied from 10.0.0.100/1035 to 10.0.0.200/80 flags SYN on interface dmz Any other form of network authentication is working well, including listener and redirect. Please comment, Thanks, Oszkar
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
