1 May
2007
1 May
'07
10:02 p.m.
Norman Zhang wrote:
tnt@kalik.co.yu wrote:
Yes. Use NAS-IP-Address as check item. If you need a list of groups and/or users/callerIDs/etc. that are allowed then use a huntgroup.
I added the following lines to huntgroup.
fw-pix NAS-IP-Address == 10.0.0.1 fw-pix NAS-IP-Address == 10.0.0.2
fw-pix-group NAS-IP-Address == 10.0.0.1 User-Name = fw-admin, Group = fw-group
I also added the following lines to users DEFAULT Group = fw-group cisco-avpair := "shell:priv-lvl=15" DEFAULT Huntgroup-Name == "fw-pix" Fall-Through = Yes but I still cannot work. Now there's nothing showing with debug mode. Can someone please give me a few pointers? Norman