pix virtual telnet

rongjing
Level 1

Hi, All

Just wondering what the point is of applying virtual telnet on the PIX. Since we can use downloadable ACLs at the ACS for the PIX, the user shall be able to access whatever he wants after successfully passing the authentication (based on the downloaded ACL). Any comments on the difference between the virtual telnet feature and the downloadable ACL feature will be much appreciated! Thanks!

Best Regards,


pcomeaux
Cisco Employee

The Virtual HTTP or Telnet server provides a predictable authentication point that users can authenticate against. The Pix kicks off the authentication process for HTTP or FTP or TELNET, whether it is directly to the Pix or a remote destination.

Downloadable ACLs from ACS can enhance this authentication by providing authorization for the connection requests on all protocols.

So, these features are complementary and sometimes the Virtual Telnet may not be necessary if your users can be prompted by going to a certain website.

I've implemented the Virtual Telnet server for a NOC that manages customers' networks. In order to access the particular customer networks (authorized by downloadable ACLs), they first have to telnet to the Pix for authentication.

Another feature released in 6.3.1 that I like is the "per-user-override" that you can add to the end of the "access-group" statements. You may want to look into this command as well.

Hope this helps.

peter
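
The combination described in the reply above, written out as a PIX 6.3-style configuration. This is an added example, not part of the original posts or of Cisco's documentation; every name, address and the key (`ACS_RADIUS`, `NOC_AUTH`, `INSIDE_IN`, the 10.0.x.x, 192.0.2.x and 198.51.100.x ranges) is a constructed placeholder, and the NAT/static statements a real deployment needs are left out because they depend on the topology.

```text
: Constructed example: NOC users on the inside interface must authenticate
: at a virtual telnet address before reaching a customer network.
: All names, addresses and the key below are placeholders.

: RADIUS server group on the ACS (downloadable ACLs are delivered via RADIUS)
aaa-server ACS_RADIUS protocol radius
aaa-server ACS_RADIUS (inside) host 10.0.0.10 PLACEHOLDER_KEY timeout 10

: Predictable authentication point: an otherwise unused address that
: routes to the PIX (assumed here to be 192.0.2.50)
virtual telnet 192.0.2.50

: Traffic that requires an authenticated user: the telnet session to the
: virtual address (which triggers the prompt) and everything from the NOC
: towards the customer network, whatever the protocol
access-list NOC_AUTH permit tcp 10.0.1.0 255.255.255.0 host 192.0.2.50 eq telnet
access-list NOC_AUTH permit ip 10.0.1.0 255.255.255.0 198.51.100.0 255.255.255.0
aaa authentication match NOC_AUTH inside ACS_RADIUS

: Interface ACL: only the authentication point is reachable by default.
: per-user-override lets the ACL downloaded from the ACS for an
: authenticated user take precedence over this interface ACL.
access-list INSIDE_IN permit tcp 10.0.1.0 255.255.255.0 host 192.0.2.50 eq telnet
access-list INSIDE_IN deny ip 10.0.1.0 255.255.255.0 198.51.100.0 255.255.255.0
access-group INSIDE_IN in interface inside per-user-override
```

With this layout the interface ACL stays deny-by-default towards the customer range, so what each NOC user can reach is decided only by the ACL the ACS returns for that user, and a review of the ACS profiles is a review of effective access.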
