02-22-2005 01:23 AM - edited 03-10-2019 02:01 PM
Hello,
Has someone else experienced the same "issue" as described below? And can someone (Cisco?) tell whether this is by design, and if so, what the reasoning behind this is?
We use virtual telnet for user authentication, when users need to pass traffic through a PIX, and use downloadable access-lists after successful authentication.
When a user authenticates himself, an error message appears in the virtual telnet window: "error: acl authorization denied".
And the PIX log shows:
109005: Authentication succeeded for user 'user1' from <workstation-IP>/2066 to <virtual-telnet-IP>/23 on interface inside
109015: Authorization denied (acl=#ACSACL#-IP-PIX_ACL-421492f3) for user 'user1' from <workstation-IP>/2066 to <virtual-telnet-IP>/23 on interface inside
This error message disappears when we add telnet access for the virtual telnet-IP@ in the downloadable access-list on the Cisco ACS. I could not find any reference to this configuration quirk in any document.
Now, with or without the error, the user can use virtual telnet and everything permitted in the downloadable acl without any problem (so why post an error message then?).
thanks
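An added example, not part of the original thread or Cisco's own tooling: a log check that pairs the two messages quoted in the post above, flagging a 109015 denial that hits the very flow a 109005 just authenticated. The function name, the sample lines and the documentation-range addresses are constructed for illustration.

```python
import re

# Shared tail of both PIX messages quoted in the post (IDs 109005 and 109015).
FLOW_RE = (r"for user '(?P<user>[^']+)' from (?P<src>\S+)/(?P<sport>\d+) "
           r"to (?P<dst>\S+)/(?P<dport>\d+) on interface (?P<ifc>\S+)")
AUTH_OK = re.compile(r"109005: Authentication succeeded " + FLOW_RE)
AUTHZ_DENY = re.compile(
    r"109015: Authorization denied \(acl=(?P<acl>[^)]+)\) " + FLOW_RE)
FLOW_KEYS = ("user", "src", "sport", "dst", "dport", "ifc")


def find_denied_auth_sessions(lines):
    """Return 109015 denials whose flow matches an earlier 109005 success.

    A match means the downloaded ACL was evaluated against the
    authentication connection itself, which is the pattern in the post.
    """
    authenticated = set()
    findings = []
    for line in lines:
        m = AUTH_OK.search(line)
        if m:
            authenticated.add(tuple(m[k] for k in FLOW_KEYS))
            continue
        m = AUTHZ_DENY.search(line)
        if m and tuple(m[k] for k in FLOW_KEYS) in authenticated:
            findings.append({"user": m["user"], "acl": m["acl"],
                             "denied": f"{m['dst']}/{m['dport']}"})
    return findings


# Constructed sample: user1 reproduces the post, user2 authenticates with no
# denial, user3 is an unrelated denial for a flow that was never authenticated.
SAMPLE = [
    "109005: Authentication succeeded for user 'user1' from 192.0.2.10/2066 "
    "to 198.51.100.5/23 on interface inside",
    "109015: Authorization denied (acl=#ACSACL#-IP-PIX_ACL-421492f3) for user "
    "'user1' from 192.0.2.10/2066 to 198.51.100.5/23 on interface inside",
    "109005: Authentication succeeded for user 'user2' from 192.0.2.11/2101 "
    "to 198.51.100.5/23 on interface inside",
    "109015: Authorization denied (acl=#ACSACL#-IP-PIX_ACL-421492f3) for user "
    "'user3' from 192.0.2.12/3300 to 203.0.113.9/80 on interface inside",
]

if __name__ == "__main__":
    for hit in find_denied_auth_sessions(SAMPLE):
        print(hit)
```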
03-01-2005 09:10 AM
Try to disable authorization and see if this error stops.
03-09-2005 01:32 PM
It is exactly authorization that we want to use?