RE: [fw-wiz] PIX Authentication Question

• Previous message: Jim Seymour: "Re: [fw-wiz] Rules for mailserver which is in internet zone ??"
• Maybe in reply to: Lee T. Christie: "[fw-wiz] PIX Authentication Question"
• Next in thread: Dario Calia: "Re: [fw-wiz] PIX Authentication Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Lee T. Christie" <Lee.Christie@mosaicinfo.org>, <firewall-wizards@honor.icsalabs.com>
Date: Fri, 12 Dec 2003 09:08:04 -0500

In order to do this, you must use AAA authentication for enable mode:

aaa authentication enable console admin-group
timeout uauth 00:15:00 inactivity

This would mean that users that can authenticate via the admin-group (see aaa-server) can access enabled mode on the PIX, and that after 15m of idle time, they must re-authenticate. However, the uauth timeout can only be set once, so if users authenticate to the PIX for other things (outbound access, for instance), this idle time affects them as well.

PaulM

-----Original Message-----
I am looking for a way to have authentication timed-out on a direct console
connection. e.g. If I authenticate with enable is there anyway to have it
automatically log me off after a set time period? I am running a Cisco PIX
520 ver 6.2(2). Any help would be appreciated.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Jim Seymour: "Re: [fw-wiz] Rules for mailserver which is in internet zone ??"
• Maybe in reply to: Lee T. Christie: "[fw-wiz] PIX Authentication Question"
• Next in thread: Dario Calia: "Re: [fw-wiz] PIX Authentication Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]