Help with Auth-Proxy

mnlatif
Level 3

Hi,

I am trying to do Auth-Proxy with a Cisco router running 12.4(7) and Secure ACS Solution Engine 3.3.3.11.

The router is configured as

+++++++++++++++++++++
aaa group server tacacs+ aus-nac-group-tacacs
server-private 10.190.99.26 key xx
ip tacacs source-interface GigabitEthernet0/0.99
aaa authentication login default group aus-nac-group-tacacs
aaa authentication login telnet group tacacs+ local
aaa authentication eou default group aus-nac-group
aaa authorization exec default group aus-nac-group-tacacs
aaa authorization exec telnet group tacacs+ if-authenticated
aaa authorization commands 1 telnet group tacacs+ if-authenticated
aaa authorization commands 15 telnet group tacacs+ if-authenticated
aaa authorization auth-proxy default group aus-nac-group-tacacs
aaa accounting exec default stop-only group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
aaa authorization auth-proxy default group aus-nac-group-tacacs
ip auth-proxy name test-auth telnet inactivity-time 5 list nac-test-trigger_acl
++++++++++++++++++++++++

On the secure ACS a new service is defined as "auth-proxy".

In the user-profile the auth-proxy box is checked and Custom-Attributes are defined as

+++++++++++++++++++++++++++
priv-lvl=15
proxyacl#1="permit tcp any host 198.133.219.27"
+++++++++++++++++++++++++++++

However, when the user initiates a connection, the user authentication succeeds but authorization fails, and the following message is shown on the ACS:

++++++++++++++
Service denied
service=auth-proxy protocol=ip
++++++++++++++

Any idea what could be going wrong here?

Thanks,

Naman

2 Replies

e-alvarez
Level 1

I had the same problem. You can try to change the custom attribute from

proxyacl#1="permit tcp any host 198.133.219.27"

to

proxyacl#1=permit ip any host 198.133.219.27

If that succeeds, you can begin fine-tuning the access-list until it does what it is supposed to do.

Hope it helps.

Eduardo

I will give it a shot. Though exactly the same ACL format works when I use RADIUS protocol instead of TACACS+!

Regards,

Naman
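Added example, not code from this thread or from Cisco: a small Python checker that scans an ACS custom-attribute block like the ones above and flags what Eduardo's reply points at (a quoted proxyacl value), plus basic ACE syntax and numbering problems. The ACE grammar it accepts is a simplified assumption, not Cisco's full access-list syntax, and both sample blocks are constructed from the values quoted in the thread.

```python
import re

# Constructed samples: the attributes as posted in the question (quoted value)
# and the form suggested in the reply (unquoted value).
ATTRS_AS_POSTED = 'priv-lvl=15\nproxyacl#1="permit tcp any host 198.133.219.27"\n'
ATTRS_SUGGESTED = 'priv-lvl=15\nproxyacl#1=permit ip any host 198.133.219.27\n'

# name=value, where the name may carry a "#N" index (proxyacl#1, proxyacl#2, ...)
ATTR_RE = re.compile(r'^(?P<name>[A-Za-z][\w-]*(?:#(?P<idx>\d+))?)=(?P<value>.*)$')

# Simplified (assumed) ACE shape: action, protocol, source, destination,
# optional port qualifier. Not Cisco's complete grammar.
IP = r'\d{1,3}(?:\.\d{1,3}){3}'
ACE_RE = re.compile(
    r'^(permit|deny)\s+(ip|tcp|udp|icmp)\s+'
    rf'(any|host\s+{IP})\s+(any|host\s+{IP})'
    r'(?:\s+(?:eq|gt|lt|range)\s+\S+(?:\s+\S+)?)?$'
)


def check_auth_proxy_attrs(text):
    """Return a list of findings; an empty list means the block looks sane."""
    findings = []
    seen_priv = False
    acl_indexes = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = ATTR_RE.match(line)
        if not m:
            findings.append(f"line {lineno}: not a name=value pair: {line!r}")
            continue
        name, idx, value = m.group('name'), m.group('idx'), m.group('value')
        if name == 'priv-lvl':
            seen_priv = True
            if value != '15':
                findings.append(f"line {lineno}: priv-lvl is {value}, expected 15")
        elif name.startswith('proxyacl#'):
            acl_indexes.append(int(idx))
            if value[:1] in ('"', "'") or value[-1:] in ('"', "'"):
                findings.append(f"line {lineno}: {name} value is quoted; reply suggests unquoted")
                value = value.strip('"\'')
            if not ACE_RE.match(value):
                findings.append(f"line {lineno}: {name} is not a recognised ACE: {value!r}")
        else:
            findings.append(f"line {lineno}: unexpected attribute {name}")
    if not seen_priv:
        findings.append("priv-lvl=15 missing")
    if acl_indexes != list(range(1, len(acl_indexes) + 1)):
        findings.append(f"proxyacl numbering not sequential from 1: {acl_indexes}")
    return findings
```

Running `check_auth_proxy_attrs` on `ATTRS_AS_POSTED` reports only the quoted value, while `ATTRS_SUGGESTED` returns no findings.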