topic Re: Enable authentication doesn't work after upggrading to 6.3.5 in Network Security

Enable authentication doesn't work after upggrading to 6.3.5.145

rgolcher — Mon, 11 Mar 2019 14:08:47 GMT

I have 2 firewalls that were upgrade from 6.3.5.125 to 6.3.5.145 due to a DNS vulnerability. After I upgrade it, I can loggin using SSH but when I issue enable, it request the password and just hangs in there, some time later it requests the password again and if I check the logs it just says: aaa server host machine not responding.

However if I turn on telnet, enable autentication works, and the other 10 firewalls in the code 6.3.5.125 works just fine with the same tacacs server

Please help

Re: Enable authentication doesn't work after upggrading to 6.3.5

Fernando_Meza — Thu, 06 Nov 2008 04:48:22 GMT

Hi,

I suggest you to check the logs on the tacacs server when trying to authenticate using ssh. Also please post the output of:

show run | inc aaa

Re: Enable authentication doesn't work after upggrading to 6.3.5

rgolcher — Fri, 14 Nov 2008 23:24:29 GMT

there are no logs at the ACS when I issue the enable command and type the password just the firewall log saying that AAA SERVER is not reachable. Here is the sh run | in aaa:

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

aaa-server APIX02 protocol tacacs+

aaa-server APIX02 max-failed-attempts 3

aaa-server APIX02 deadtime 10

aaa-server APIX02 (inside) host 10.X.X.X ZAQ12wsxkdC timeout 5

aaa authentication telnet console APIX02

aaa authentication enable console APIX02

aaa authentication ssh console APIX02

aaa authentication http console APIX02

but using telnet it gets the same message the other 8 firewalls that are using ssh