https://community.cisco.com/t5/network-access-control/pix-aaa-authorization-with-tacacs-server/m-p/925681#M402234 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Thanks for the reply. I only tried with general AAA commands, not with source/destination address.</P><P></P><P>I just need to know what could be the mistake in my configurations and why it did not authenticate/authorize with my tacacs server.</P><P></P><P>Please advise</P><P>thanks</P><P></P></BODY></HTML> Tue, 11 Mar 2008 18:15:23 GMT pemasirid 2008-03-11T18:15:23Z https://community.cisco.com/t5/network-access-control/pix-aaa-authorization-with-tacacs-server/m-p/925679#M402214 <P>I configured AAA authorization in the my firewall but it works only for local username/password. PIX version 7.2(2) and ACS-SE 4.1.</P><P></P><P>Following are the steps I did.</P><P></P><P>1. Configure AAA on PIX (attached)</P><P>2. Add PIX as AAA Client in ACS and selected as TACACS </P><P>3. Other setting in ACS as attached</P><P></P><P>Note: Also I have RADIUS as same ACS for my VPN access and I add it as RADIUS client with different key.Moreover I could not see any failed logs on ACS</P><P></P><P>Can anyone tell me why I cant authenticate and authorize with TACACS+ server. Please advise.</P><P></P><P>Thanks</P><P></P><P></P><P></P><P></P><P> </P><P></P> Sun, 10 Mar 2019 22:42:34 GMT https://community.cisco.com/t5/network-access-control/pix-aaa-authorization-with-tacacs-server/m-p/925679#M402214 pemasirid 2019-03-10T22:42:34Z https://community.cisco.com/t5/network-access-control/pix-aaa-authorization-with-tacacs-server/m-p/925680#M402220 <HTML><HEAD></HEAD><BODY><P>Have you tried including commands to identify the type of traffic to be authenticated? Something along the lines of:</P><P>aaa authentication include telnet <INTERFACE_NAME> <SOURCE_ADDRESS> <SOURCE_MASK> <DESTINATION_HOST> <DESTINATION_MASK> my-group</DESTINATION_MASK></DESTINATION_HOST></SOURCE_MASK></SOURCE_ADDRESS></INTERFACE_NAME></P><P>aaa authorization include telnet <INTERFACE_NAME> <SOURCE_ADDRESS> <SOURCE_MASK> <DESTINATION_HOST> <DESTINATION_MASK> my-group</DESTINATION_MASK></DESTINATION_HOST></SOURCE_MASK></SOURCE_ADDRESS></INTERFACE_NAME></P><P></P></BODY></HTML> Tue, 11 Mar 2008 14:58:44 GMT https://community.cisco.com/t5/network-access-control/pix-aaa-authorization-with-tacacs-server/m-p/925680#M402220 artegall1 2008-03-11T14:58:44Z https://community.cisco.com/t5/network-access-control/pix-aaa-authorization-with-tacacs-server/m-p/925681#M402234 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Thanks for the reply. I only tried with general AAA commands, not with source/destination address.</P><P></P><P>I just need to know what could be the mistake in my configurations and why it did not authenticate/authorize with my tacacs server.</P><P></P><P>Please advise</P><P>thanks</P><P></P></BODY></HTML> Tue, 11 Mar 2008 18:15:23 GMT https://community.cisco.com/t5/network-access-control/pix-aaa-authorization-with-tacacs-server/m-p/925681#M402234 pemasirid 2008-03-11T18:15:23Z https://community.cisco.com/t5/network-access-control/pix-aaa-authorization-with-tacacs-server/m-p/925682#M402245 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P></P><P>1.aaa authentication telnet console my-group LOCAL</P><P> aaa authentication enable console my-group LOCAL</P><P></P><P> These commands on pix are for telnet and enable only, if you are accessing the device thro SSH or console, this wouldnt work.</P><P></P><P>2.Also confirm if both the AAA servers hav the keys specified in the PIX config.</P><P></P><P>aaa-server my-group host 172.20.20.11</P><P> key XXXXXXXX &lt;------------------------------ key</P><P>aaa-server my-group host 172.20.20.12</P><P> key cisco123</P><P></P><P>3.Also there are lots of timeouts, may be the PIX cant reach the server.</P><P></P><P>"Number of timeouts 153"</P><P></P><P>4.Do a "debug aaa [ accounting | authentication | authorization ] and check the logs.</P><P></P><P></P><P>Reg,</P><P>U</P></BODY></HTML> Wed, 12 Mar 2008 02:07:22 GMT https://community.cisco.com/t5/network-access-control/pix-aaa-authorization-with-tacacs-server/m-p/925682#M402245 uaravind7 2008-03-12T02:07:22Z https://community.cisco.com/t5/network-access-control/pix-aaa-authorization-with-tacacs-server/m-p/925683#M402252 <HTML><HEAD></HEAD><BODY><P>Hi U,</P><P></P><P>I configured telent and enable only. I'm trying to access thro telnet only. server keys are ok. only prob its seems that server is not responding and only authenticate with local username/password.</P><P></P><P>Any clue?</P><P></P><P>thanks</P></BODY></HTML> Wed, 12 Mar 2008 05:07:46 GMT https://community.cisco.com/t5/network-access-control/pix-aaa-authorization-with-tacacs-server/m-p/925683#M402252 pemasirid 2008-03-12T05:07:46Z