10-22-2009 01:39 AM - edited 03-10-2019 04:44 PM
I'm using Cisco Secure ACS 4.0 to authenticate outgoing http sessions on PIX running 6.3(5).
Now I need to change the absolute timeout per user using TACACS+.
Thanks for help.
Regards.
Andrea
10-22-2009 03:40 AM
Hi Andrea,
The PIX timeout uauth command controls how often re-authentication is required. If TACACS+ authentication/authorization is on, this is controlled on a peruser basis.
To configure timeout and idle timeout on the ACS Server using TACACS+, follow these steps:
Step 1. On CS ACS GUI, from left Menu navigation, click on Group Setup, choose the Group, and click on Edit.
Step 2. On the Group Configuration page, select TACACS+ from the Jump To drop-down menu.
Step 3. Check the Shell (Exec) box.
Step 4. Check Idle time and enter a value of 2.
Step 5. Check the Timeout box and enter a value of 1.
Step 6. Click the Submit+Restart button.
Note: You must have the authorization turned on for timeout and idle timeout to work properly.
HTH
JK
Plz rate helpful posts-
10-22-2009 07:08 AM
Good! Your answer confirms my ACS setup. Now the real question is "must have authorization with TACACS".
Thanks.
Andrea
10-22-2009 08:20 AM
Hi Andrea,
Here is the answer:
Cut-through Proxy for Network Access using TACACS+ and RADIUS Server Configuration Example
Configure TACACS+ Authorization
HTH
JK
Plz rate helpful posts-
10-22-2009 10:56 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide