https://community.cisco.com/t5/network-security/asa-failover-exec-issue-with-tacacs/m-p/3418677#M134822 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I have a setup with 2 ASA in failover (active/standby). We want to use the failover exec command. We have a Cisco ISE acting as a TACACS server. Within ISE we control from witch IP the connection come from. </P><P></P><P>When doin the failover exec command, the standby unit show that the command was initiated form the IP 0.0.0.0 . We do not feel good to put that IP in our ruleset. </P><P></P><P>Is their a workaround.</P><P></P><P>Thanks</P></BODY></HTML> Fri, 09 Jun 2017 14:00:02 GMT PATRICK ROCH 2017-06-09T14:00:02Z https://community.cisco.com/t5/network-security/asa-failover-exec-issue-with-tacacs/m-p/3418677#M134822 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I have a setup with 2 ASA in failover (active/standby). We want to use the failover exec command. We have a Cisco ISE acting as a TACACS server. Within ISE we control from witch IP the connection come from. </P><P></P><P>When doin the failover exec command, the standby unit show that the command was initiated form the IP 0.0.0.0 . We do not feel good to put that IP in our ruleset. </P><P></P><P>Is their a workaround.</P><P></P><P>Thanks</P></BODY></HTML> Fri, 09 Jun 2017 14:00:02 GMT https://community.cisco.com/t5/network-security/asa-failover-exec-issue-with-tacacs/m-p/3418677#M134822 PATRICK ROCH 2017-06-09T14:00:02Z https://community.cisco.com/t5/network-security/asa-failover-exec-issue-with-tacacs/m-p/3418678#M134823 <HTML><HEAD></HEAD><BODY><P>The workaround is: - create a user account "enable_1" on TACACS+ server with any random password; - grant "privilege = 15" and full access on all commands to this user.</P></BODY></HTML> Mon, 12 Jun 2017 12:23:21 GMT https://community.cisco.com/t5/network-security/asa-failover-exec-issue-with-tacacs/m-p/3418678#M134823 Farhan Mohamed 2017-06-12T12:23:21Z