https://community.cisco.com/t5/network-access-control/asa-cut-through-proxy-and-acs-5-3/m-p/1955299#M186896 <HTML><HEAD></HEAD><BODY><P>RS,</P><P></P><P>Hi here is the guide that helps you configure the cut-through proxy from the ASA this is a good example:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_fwaaa.html">http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_fwaaa.html</A></P><P></P><P>When configuring the ACS portion you can use two methods: "Cisco ACS" downloadable access-lists, "Any Radius Server" downloadable access-lists (my favorite), or you can send the filter attribute which points the user to a defined acl on the ASA. Either way you choose, you will have to first create a network authorization profile which will have the radius attributes in the formats that are outlined in this guide. You will create an authorization policy that will call this authorization policy as the result when they meet this condition.</P><P></P><P>Let me know how things go, if you get stuck, please posts screenshots so I can help you further.</P><P></P><P>Thanks,</P><P>Tarik admani</P><P></P><P></P><P></P><P></P><P></P><P></P><P></P><P></P><P>Tarik Admani <BR />*Please rate helpful posts*</P></BODY></HTML> Tue, 17 Jul 2012 05:21:30 GMT Tarik Admani 2012-07-17T05:21:30Z https://community.cisco.com/t5/network-access-control/asa-cut-through-proxy-and-acs-5-3/m-p/1955298#M186850 <P>Hi, I'm planning to migrate a customer from ACS 4.2 to ACS 5.3.</P><P></P><P>I have migrated the configuration for all the services but I'm thinking how to configure ASA 8.4 cut-through proxy service in TACACS+.</P><P></P><P>The same ASA uses TACACS+ for device mngt and RADIUS for vpn remote-access services.</P><P></P><P>How to ?</P><P></P><P>thank you in advance</P><P></P><P>rs</P> Mon, 11 Mar 2019 02:18:29 GMT https://community.cisco.com/t5/network-access-control/asa-cut-through-proxy-and-acs-5-3/m-p/1955298#M186850 r.spiandorello 2019-03-11T02:18:29Z https://community.cisco.com/t5/network-access-control/asa-cut-through-proxy-and-acs-5-3/m-p/1955299#M186896 <HTML><HEAD></HEAD><BODY><P>RS,</P><P></P><P>Hi here is the guide that helps you configure the cut-through proxy from the ASA this is a good example:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_fwaaa.html">http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_fwaaa.html</A></P><P></P><P>When configuring the ACS portion you can use two methods: "Cisco ACS" downloadable access-lists, "Any Radius Server" downloadable access-lists (my favorite), or you can send the filter attribute which points the user to a defined acl on the ASA. Either way you choose, you will have to first create a network authorization profile which will have the radius attributes in the formats that are outlined in this guide. You will create an authorization policy that will call this authorization policy as the result when they meet this condition.</P><P></P><P>Let me know how things go, if you get stuck, please posts screenshots so I can help you further.</P><P></P><P>Thanks,</P><P>Tarik admani</P><P></P><P></P><P></P><P></P><P></P><P></P><P></P><P></P><P>Tarik Admani <BR />*Please rate helpful posts*</P></BODY></HTML> Tue, 17 Jul 2012 05:21:30 GMT https://community.cisco.com/t5/network-access-control/asa-cut-through-proxy-and-acs-5-3/m-p/1955299#M186896 Tarik Admani 2012-07-17T05:21:30Z