cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


275
Views
1
Helpful
1
Replies
Highlighted
Beginner

ASA 'failover exec' issue with TACACS

Hi,

I have a setup with 2 ASA in failover (active/standby). We want to use the failover exec command. We have a Cisco ISE acting as a TACACS server. Within ISE we control from witch IP the connection come from.

When doin the failover exec command, the standby unit show that the command was initiated form the IP 0.0.0.0 . We do not feel good to put that IP in our ruleset.

Is their a workaround.

Thanks

Everyone's tags (3)
1 REPLY 1
Cisco Employee

Re: ASA 'failover exec' issue with TACACS

The workaround is: - create a user account "enable_1" on TACACS+ server with any random password; - grant "privilege = 15" and full access on all commands to this user.