From: Edouard Zorrilla (ezorrilla@tsf.com.pe)
Date: Thu Mar 12 2009 - 11:56:33 ARST
Everything is clear with ASA and authentication, now how do I configure the
TACACS for traffic authorization, for instance this example:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml
#####################################################################################
These commands authenticate and authorize inside Telnet traffic. Telnet
traffic to servers other than 10.165.201.5 can be authenticated alone, but
traffic to 10.165.201.5 requires authorization.
hostname/contexta(config)#access-list TELNET_AUTH extended permit tcp any any eq telnet
hostname/contexta(config)#access-list SERVER_AUTH extended permit tcp any host 10.165.201.5 eq telnet
hostname/contexta(config)#aaa-server AuthOutbound protocol tacacs+
hostname/contexta(config-aaa-server-group)#exit
hostname/contexta(config)#aaa-server AuthOutbound (inside) host 10.1.1.1
hostname/contexta(config-aaa-server-host)#key TACPlusUauthKey
hostname/contexta(config-aaa-server-host)#exit
hostname/contexta(config)#aaa authentication match TELNET_AUTH inside AuthOutbound
hostname/contexta(config)#aaa authorization match SERVER_AUTH inside AuthOutbound
#####################################################################################
The link says:
See the documentation for your TACACS+ server for information on how to
configure network access authorizations for a user.
Can anyone tell me where that LINK is? I will really appreciate it,
Regards