I had currently turn on TACACS authentication for all traffic going to internet.
Is there anyway for me to bypass a specific destination and port from TACACS authentication? The rest of the traffic must still challenge by the ACS server.
Yes - if you are using a Pix firewall, here is a link which includes sample configurations for the Pix. You would simple exclude or deny the traffic from the aaa authentication process.
