virtual telnet/downloadable access lists: acl authorization denied error

bbanier — Sun, 10 Mar 2019 21:01:42 GMT

Hello,

has someone else experienced the same "issue" as described below ? And can someone (Cisco ?) tell whether this is by design, and if so, what the reasoning is behind this ?

We use virtual telnet for user authentication, when users need to pass traffic through a PIX, and use downloadable access-lists after successful authentication.

When a user authenticates himself, an error message appears in the virtual telnet window: "error: acl authorization denied".

And the PIX log shows:

109005: Authentication succeeded for user 'user1' from <workstation-IP>/2066 to <virtual-telnet-IP>/23 on interface inside

109015: Authorization denied (acl=#ACSACL#-IP-PIX_ACL-421492f3) for user 'user1' from <workstation-IP>/2066 to <virtual-telnet-IP>/23 on interface inside

This error message disappears when we add telnet access for the virtual telnet-IP@ in the downloadable access-list on the Cisco ACS. I could not find any reference to this configuration quirk in any document.

Now, with or without the error, the user can use virtual telnet and everything permitted

in the downloadable acl without any problem (so why post an error message then ?).

thanks

Re: virtual telnet/downloadable access lists: acl authorization

umedryk — Tue, 01 Mar 2005 17:10:55 GMT

Try to disable authorization and see if this error stops

Re: virtual telnet/downloadable access lists: acl authorization

bbanier — Wed, 09 Mar 2005 21:32:14 GMT

It is exactly authorization that we want to use ?

topic Re: virtual telnet/downloadable access lists: acl authorization in Network Access Control

virtual telnet/downloadable access lists: acl authorization denied error

Re: virtual telnet/downloadable access lists: acl authorization

Re: virtual telnet/downloadable access lists: acl authorization