Hi
Has anybody a running configuration on v8.4(3)9 with a cut-through proxy setup, that doesn't need a virtual server?
Before upgrading a telnet session was authenticated on the ASA inband, just by configuring the corresponding "aaa authentication match some-acl inside LOCAL" command and an acl that matched the telnet session. After upgrading to 8.4(3)9 it works only when configuring and using a virtual server and having the virtual server within the authentication acl.
The loggs show the following message: "%ASA-7-109014: uauth_lookup_net fail for get_np_flow_info()"
Regarding the logging-guide this means that authorization is missing. But I only want authentication, not authorization, as this is only supported with tacacs+.
Is this a bug related to the introduction of user-identity stuff or just a new feature?