https://community.cisco.com/t5/network-access-control/acs-issue-with-asa/m-p/1721842#M273075 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>The configuration seems fine.</P><P>Are you saying that the issue is intermittent? If yes, I would ask you to check the failed attempts of the ACS server at the time it fails. If they are being updated then the issue is not with the ACS. If they are not being updated collect the package.cab in full logging mode and we will need to find a reason why it is behaving that way. Probability is that the TACACS service might be hanging hence authentication stalls.</P><P></P><P>Action plan:</P><P>1. make logging full i.e. system configuration &gt; Service Control &gt; level of logging &gt; Full &gt; Restart</P><P>2. check the failed attempts of the ACS when authentication fails. If updated,not an issue with ACS</P><P>3. If not updated collect package.cab and we will have to check the reason of the failure. i.e. System configuration &gt; Support &gt; Run support now.</P><P></P><P>Hope this helps.</P><P></P><P>Regards,</P><P>Anisha</P><P></P><P>P.S.: please mark this post as answered if you feel your query is resolved. Do rate helpful posts.</P></BODY></HTML> Wed, 01 Jun 2011 00:56:08 GMT andamani 2011-06-01T00:56:08Z https://community.cisco.com/t5/network-access-control/acs-issue-with-asa/m-p/1721841#M273074 <P>Hi all,</P><P></P><P>This is regarding our Main internet ASA(5550) AAA login issue, We are facing some probelm like some time , we are not able to login with tacacs Username and password.</P><P></P><P>Due to this issue, some time our daily configuration backup is droping, Client security consultant are making noise..</P><P></P><P>But it work after I reload the primary ACS, We have 2 acs working as primary and secondary..</P><P></P><P>Can you guys suggest some solution..below is config template of ACS AAA configs.</P><P></P><P>name 192.168.1.X1 ACS1<BR />name 192.168.1.Y2 ACS2<BR />name 192.168.1.10 ACS ( This IP is ACE tacacs&nbsp; loadbalance IP ), All client is request is reaching to this IP and ACE is doing the load balancing.</P><P></P><P>aaa-server ACCT protocol tacacs+<BR />aaa-server ACCT (inside) host ACS1<BR /> key *****<BR />aaa-server ACCT (inside) host ACS2<BR /> key *****<BR />aaa-server AUTH protocol tacacs+<BR />aaa-server AUTH (inside) host ACS<BR /> key *****<BR />aaa authentication telnet console AUTH LOCAL<BR />aaa authentication ssh console AUTH LOCAL<BR />aaa authentication http console AUTH LOCAL<BR />aaa authentication serial console AUTH LOCAL<BR />aaa authentication enable console AUTH LOCAL<BR />aaa authorization command AUTH LOCAL<BR />aaa accounting command AUTH<BR />!</P> Mon, 11 Mar 2019 01:07:32 GMT https://community.cisco.com/t5/network-access-control/acs-issue-with-asa/m-p/1721841#M273074 sajism220 2019-03-11T01:07:32Z https://community.cisco.com/t5/network-access-control/acs-issue-with-asa/m-p/1721842#M273075 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>The configuration seems fine.</P><P>Are you saying that the issue is intermittent? If yes, I would ask you to check the failed attempts of the ACS server at the time it fails. If they are being updated then the issue is not with the ACS. If they are not being updated collect the package.cab in full logging mode and we will need to find a reason why it is behaving that way. Probability is that the TACACS service might be hanging hence authentication stalls.</P><P></P><P>Action plan:</P><P>1. make logging full i.e. system configuration &gt; Service Control &gt; level of logging &gt; Full &gt; Restart</P><P>2. check the failed attempts of the ACS when authentication fails. If updated,not an issue with ACS</P><P>3. If not updated collect package.cab and we will have to check the reason of the failure. i.e. System configuration &gt; Support &gt; Run support now.</P><P></P><P>Hope this helps.</P><P></P><P>Regards,</P><P>Anisha</P><P></P><P>P.S.: please mark this post as answered if you feel your query is resolved. Do rate helpful posts.</P></BODY></HTML> Wed, 01 Jun 2011 00:56:08 GMT https://community.cisco.com/t5/network-access-control/acs-issue-with-asa/m-p/1721842#M273075 andamani 2011-06-01T00:56:08Z https://community.cisco.com/t5/network-access-control/acs-issue-with-asa/m-p/1721843#M273076 <HTML><HEAD></HEAD><BODY><P>Hi Anisha,</P><P></P><P>Currently I can log in to same, as I said before, this will not happen regularly, Any way I will wait for that moment again,</P><P></P><P>I am attaching the current package.cab for your reference, Will sent the same agine one the issue comes</P><P></P><P>Have a look and advice</P><P></P><P>Regards</P><P>-Saji</P></BODY></HTML> Thu, 02 Jun 2011 11:42:50 GMT https://community.cisco.com/t5/network-access-control/acs-issue-with-asa/m-p/1721843#M273076 sajism220 2011-06-02T11:42:50Z https://community.cisco.com/t5/network-access-control/acs-issue-with-asa/m-p/1721844#M273077 <HTML><HEAD></HEAD><BODY><P>Hi Saji,</P><P></P><P>This is cool.. Please ensure that you give me a timestamo when the issue occurs as well. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>Regards,<BR />Anisha</P><P></P><P>P.S.: please mark this post as answered if you feel your query is resolved. Do rate helpful posts.</P></BODY></HTML> Thu, 02 Jun 2011 16:28:10 GMT https://community.cisco.com/t5/network-access-control/acs-issue-with-asa/m-p/1721844#M273077 andamani 2011-06-02T16:28:10Z