RE: ASA aaa configuration and ACS options?

Guys thanks for your support.

My apology for annoying people asking a stupid question.

I figured out myself and I am fine with ASA and ACS. It is really not a rocket
science just a little bit of research and testing is required which I did in
my lab. Cisco has the best documentation just sometimes you need to keep
searching.

Many of us did not get where we are today by taking a one long leap. We may be
great engineer and highly experienced, but remember we all learn from each
other every day in this profession. Nothing is basic and nothing is rocket
science in IT profession.

I really did not mean to offend anyone. My apologies.

There will be many e-mails in future. If someone who does not have time or
does not like to respond then just delete it.

This forum is open for everyone.

Best Regards.

Adil.

From: Jay McMickle [mailto:jay.mcmickle_at_yahoo.com]
Sent: Tuesday, November 02, 2010 11:51 AM
To: S Malik
Cc: Adil Pasha; Cisco certification
Subject: Re: ASA aaa configuration and ACS options?

I follow the forum regularly, and yes, most mark OT in the subject line.

However, I don't feel this is a forum for those needing basic information for
setting up a technology not related to the CCIE lab. That IS the primary focus
point on this forum. Most on this forum are looking for advanced assistance as
they near their date.

I hope to not have offended anyone.

Lab up.

Regards,

Jay McMickle- CCNP,CCSP,CCDP

Sent from my iPhone

http://mycciepursuit.wordpress.com

On Nov 2, 2010, at 10:13 AM, S Malik <ccie.09_at_gmail.com> wrote:

Jay,

It guess you don't follow this forum regularly. This forum has changed from a
CCIE related questions answer forum to a great professional forum as well.

I am not denying its primary purpose but it has become more than a traditional
CCIE forum and there are many good folks here who are always there to assist
any one who needs.

Anyway, I prefer, non CCIE related questions be marked as OT in the subject
line.

On Mon, Nov 1, 2010 at 11:25 AM, Jay McMickle <jay.mcmickle_at_yahoo.com> wrote:

This really isn't the forum for striaght configuration setup, but this will
get
you started.

aaa authentication enable console myACSserver LOCAL
aaa
authentication http console myACSserver LOCAL
aaa authentication ssh console
myACSserver LOCAL

aaa authorization command myACSserver LOCAL

aaa-server
myACSserver protocol tacacs+
 reactivation-mode depletion deadtime 1
aaa-server myACSserver (inside) host 1.1.1.1
 timeout 3
 key *****

username
test password test priv 15

Make sure to put the "LOCAL" at the end so that it
will fallback to local auth
in the event your TACACS server is unreachable.

Regards,
Jay McMickle- CCNP, CCSP, CCDP, MCSE
http://mycciepursuit.wordpress.com/

________________________________
From: Adil Pasha <aspasha_at_gmail.com>
To: Cisco certification
<ccielab_at_groupstudy.com>
Sent: Sat, October 30, 2010 3:58:48 PM
Subject: ASA
aaa configuration and ACS options?

Could someone please let me know the
configuration to configure "aaa command
authorization" on ASA and
configuration ACS to make the user login work?

I tried everything and
checked google.com but found nothing.

I must be doing something wrong
therefore I get the following error and ACS
logs shows that ASA is looking for
"enable_15". It is documented in any
Cisco ASA docs?

ASA-GNS3Lab(config)#
aaa authorization command myACSserver LOCAL

ASA-GNS3Lab(config)# exit
Command authorization failed

ASA-GNS3Lab(config)# exit

Command authorization
failed

ASA-GNS3Lab(config)#

Please let me know what I must be doing
wrong?

Best Regards.

Adil.

Blogs and organic groups at
http://www.ccie.net
Received on Tue Nov 02 2010 - 21:53:46 ART