Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
687
Views
1
Helpful
1
Replies

ASA 'failover exec' issue with TACACS

PATRICK ROCH
Level 1
Level 1

‎06-09-2017 07:00 AM

Hi,

I have a setup with 2 ASA in failover (active/standby). We want to use the failover exec command. We have a Cisco ISE acting as a TACACS server. Within ISE we control from witch IP the connection come from.

When doin the failover exec command, the standby unit show that the command was initiated form the IP 0.0.0.0 . We do not feel good to put that IP in our ruleset.

Is their a workaround.

Thanks

Labels:
1 Reply 1

Farhan Mohamed
Cisco Employee
Cisco Employee

‎06-12-2017 05:23 AM

The workaround is: - create a user account "enable_1" on TACACS+ server with any random password; - grant "privilege = 15" and full access on all commands to this user.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card