Friday, February 12, 2010

firewall-wizards Digest, Vol 46, Issue 2

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Login straight to priv mode in PIX with TACACS server
(Michel Ferreira)
2. Re: Login straight to priv mode in PIX with TACACS server
(John Morrison)


----------------------------------------------------------------------

Message: 1
Date: Sat, 6 Feb 2010 13:32:44 -0200
From: Michel Ferreira <michelf@gmail.com>
Subject: [fw-wiz] Login straight to priv mode in PIX with TACACS
server
To: firewall-wizards@listserv.icsalabs.com
Message-ID:
<c414c26f1002060732t5cc14232m2b3eabaa768d4b80@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Hi,

I've successfully configured my PIX 506E (6.3) to authenticate with my
TACACS+ Server (ACS 4.1), however I want to know if there's any way to
put the user straight in priv mode (enable) just after login, without
the need to input the 'enable' command.

I'm questioning this because I don't want to include the "aaa
authentication enable console tacacs+ LOCAL" command, since with this
command if I need console access I still will be authenticating
against the TACACS+ server, which, in an emergency situation (like one
that I need to physically connect a console cable to the firewall)
I'll be using the remote authentication, and I don't want that.

Thanks for your considerations,

Michel


------------------------------

Message: 2
Date: Fri, 12 Feb 2010 08:33:06 +0000
From: John Morrison <john.morrison101@googlemail.com>
Subject: Re: [fw-wiz] Login straight to priv mode in PIX with TACACS
server
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<fd3b86ff1002120033r7a2f33b8w1ee2f3502771a6c2@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Michel,

If you set the PIX to use tacacs+ and then local it will use local if
it cannot contact the TACACS+ server. The easiest way to make sure it
cannot contact the TACACS+ server is to remove the network cables.

On 6 February 2010 15:32, Michel Ferreira <michelf@gmail.com> wrote:
> Hi,
>
> I've successfully configured my PIX 506E (6.3) to authenticate with my
> TACACS+ Server (ACS 4.1), however I want to know if there's any way to
> put the user straight in priv mode (enable) just after login, without
> the need to input the 'enable' command.
>
> I'm questioning this because I don't want to include the "aaa
> authentication enable console tacacs+ LOCAL" command, since with this
> command if I need console access I still will be authenticating
> against the TACACS+ server, which, in an emergency situation (like one
> that I need to physically connect a console cable to the firewall)
> I'll be using the remote authentication, and I don't want that.
>
> Thanks for your considerations,
>
> Michel


------------------------------



End of firewall-wizards Digest, Vol 46, Issue 2
***********************************************
