Bypassing specific destination traffic from authentication

cltoh
Level 1

I have currently turned on TACACS authentication for all traffic going to the internet.

Is there any way for me to bypass a specific destination and port from TACACS authentication? The rest of the traffic must still be challenged by the ACS server.

1 Reply

pcomeaux
Cisco Employee

Depending on which method the PIX is using for authentication, you should be able to do this:

Option 1:

aaa authentication include | exclude authen_service if_name local_ip local_mask [foreign_ip foreign_mask] server_tag

Option 2:

aaa authentication match acl_name if_name server_tag

I know Option 2 works. In the ACL Option 2 refers to, you can include a deny statement before the permit statements. The deny statements tell the PIX which traffic not to authenticate. With the flexibility of the ACL, you can tell it specific source/destination IPs/protocols/ports.

There are some good examples at this location:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/ab.htm#wp1111727

Hope this helps,

peter
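The following is an added example of the Option 2 approach described in the reply; it is not configuration from the original post or from Cisco documentation. It assumes PIX 6.3 command syntax, an inside interface named "inside", a hypothetical AAA server tag ACS, and constructed addresses (an inside LAN of 192.168.1.0/24, an ACS server at 192.168.1.5, and an exempt destination 203.0.113.10 on TCP port 443). The deny line must come before the permit line, because the ACL is evaluated top down and the first match decides whether the PIX challenges the connection.

```cisco
! ACL that selects which connections the PIX sends to the ACS server.
! deny  = do NOT authenticate this traffic (exemption)
! permit = authenticate this traffic
! Constructed example: exempt HTTPS to one host, challenge everything else.
access-list AUTH_TRAFFIC deny tcp 192.168.1.0 255.255.255.0 host 203.0.113.10 eq 443
access-list AUTH_TRAFFIC permit tcp 192.168.1.0 255.255.255.0 any

! TACACS+ server definition (hypothetical tag ACS, constructed address, placeholder key).
aaa-server ACS protocol tacacs+
aaa-server ACS (inside) host 192.168.1.5 <SHARED-KEY-PLACEHOLDER> timeout 10

! Bind the ACL to the inside interface for authentication (Option 2 from the reply).
aaa authentication match AUTH_TRAFFIC inside ACS
```

To verify the result, "show access-list AUTH_TRAFFIC" lists the entries in evaluation order with hit counts, so a connection to the exempt host should increment the deny line and never produce an ACS challenge, while any other outbound TCP connection increments the permit line and is challenged; "show uauth" lists the users the PIX has currently authenticated. Keep the exemption as narrow as the ACL allows (a single host and port rather than a subnet or "any"), since every deny entry is traffic that leaves the network without any user accountability on the ACS server.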