virtual telnet/downloadable access lists: acl authorization denied error

bbanier
Level 1

Hello,

Has someone else experienced the same "issue" as described below? And can someone (Cisco?) tell whether this is by design, and if so, what the reasoning is behind this?

We use virtual telnet for user authentication, when users need to pass traffic through a PIX, and use downloadable access-lists after successful authentication.

When a user authenticates himself, an error message appears in the virtual telnet window: "error: acl authorization denied".

And the PIX log shows:

109005: Authentication succeeded for user 'user1' from <workstation-IP>/2066 to <virtual-telnet-IP>/23 on interface inside

109015: Authorization denied (acl=#ACSACL#-IP-PIX_ACL-421492f3) for user 'user1' from <workstation-IP>/2066 to <virtual-telnet-IP>/23 on interface inside

This error message disappears when we add telnet access for the virtual telnet-IP@ in the downloadable access-list on the Cisco ACS. I could not find any reference to this configuration quirk in any document.

Now, with or without the error, the user can use virtual telnet and everything permitted in the downloadable acl without any problem (so why post an error message then?).

thanks

2 Replies

umedryk
Level 5

Try to disable authorization and see if this error stops.

It is exactly authorization that we want to use ?
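
For log triage of the behaviour described in this thread, the following is an added example (not part of any post above) that separates 109015 denials belonging to the virtual telnet login session itself from denials for other traffic. The message format is taken from the two log lines quoted in the question; the addresses and the sample log are constructed.

```python
import re

# Matches the two PIX syslog messages quoted in the post (109005 and 109015).
MSG = re.compile(
    r"(?P<id>109005|109015): (?:Authentication succeeded|Authorization denied"
    r"(?: \(acl=(?P<acl>[^)]+)\))?) for user '(?P<user>[^']+)' "
    r"from (?P<src>\S+)/(?P<sport>\d+) to (?P<dst>\S+)/(?P<dport>\d+) "
    r"on interface (?P<ifc>\S+)"
)

def classify_denials(lines, virtual_telnet_ip):
    """Return (user, acl, verdict) for every 109015 line.

    verdict is 'virtual-telnet-session' when the denial has the same
    user/source/port/destination as an earlier 109005 success and the
    destination is the virtual telnet address on tcp/23; otherwise 'other'.
    """
    authenticated = set()
    results = []
    for line in lines:
        m = MSG.search(line)
        if not m:
            continue  # unrelated syslog message
        key = (m["user"], m["src"], m["sport"], m["dst"], m["dport"])
        if m["id"] == "109005":
            authenticated.add(key)
        else:
            same_session = key in authenticated
            to_vtelnet = m["dst"] == virtual_telnet_ip and m["dport"] == "23"
            verdict = "virtual-telnet-session" if same_session and to_vtelnet else "other"
            results.append((m["user"], m["acl"], verdict))
    return results

# Constructed sample log (documentation addresses, not values from the post).
SAMPLE = [
    "109005: Authentication succeeded for user 'user1' from 192.0.2.10/2066 to 198.51.100.1/23 on interface inside",
    "109015: Authorization denied (acl=#ACSACL#-IP-PIX_ACL-421492f3) for user 'user1' from 192.0.2.10/2066 to 198.51.100.1/23 on interface inside",
    "109015: Authorization denied (acl=#ACSACL#-IP-PIX_ACL-421492f3) for user 'user1' from 192.0.2.10/2101 to 203.0.113.5/80 on interface inside",
]

if __name__ == "__main__":
    for row in classify_denials(SAMPLE, "198.51.100.1"):
        print(row)
```

Denials marked `other` are the ones that reflect traffic the downloadable ACL actually blocks and are worth reviewing first.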