I was doing some testing, and for some reason I don't think my proxy ACL is working on this setup. I see that the proxy ACL has been applied; however, when I don't permit TCP traffic I am still able to telnet to R3. Also, I have tried denying all IP traffic after permitting ICMP. Both still allow for TCP telnet traffic to R3.
R1# show ip auth-proxy cache username admin
Authentication Proxy Cache
Authentication Method : Proxy
User Name : admin
Client IP : 172.16.10.100
Client Port : 59825
Timeout : 60
Time Remaining : 60
Connection state : ESTAB
EPM information : Authproxy
Admission feature: AUTHPROXY
AAA Policies:
Proxy ACL: permit icmp any any
EOU information
-------------------------------------------------------------------------
Address Interface AuthType Posture-Token Age(min)
-------------------------------------------------------------------------
EPM information : EOU
Existing Firewall Sessions Information:
R1#
R1#clear ip auth-proxy cache *
R1# show ip auth-proxy cache username admin
Authentication Proxy Cache
Authentication Method : Proxy
User Name : admin
Client IP : 172.16.10.100
Client Port : 59831
Timeout : 60
Time Remaining : 60
Connection state : ESTAB
EPM information : Authproxy
Admission feature: AUTHPROXY
AAA Policies:
Proxy ACL: permit icmp any any
Proxy ACL: deny ip any any
EOU information
-------------------------------------------------------------------------
Address Interface AuthType Posture-Token Age(min)
-------------------------------------------------------------------------
EPM information : EOU
Existing Firewall Sessions Information:
R1#
Anyone else test this?