ACS 4 configuration issue

kjanakiraman
Level 1

I had set up Cisco ACS for TACACS authentication for Cisco Aironet and Cisco ASA. Unfortunately the server crashed and I did not have a backup. But I had the secret key and other server information. I re-installed Cisco ACS and could successfully authenticate to the Cisco Aironet, but the Cisco ASA is giving me access denied when trying through SSH by giving username and password. Under ACS:

Created username and password, and the remaining settings I left for the group setting. Under group setting I enabled shell (exec) and privilege level 15. I made the maximum privilege level for AAA clients 15 and tried enabling and disabling the command level authorization and checked allow unmatched argument, but I am still getting the same error. The Cisco site is also referring to the same. Is there any option I am missing out? Requesting assistance since I am not able to connect to the ASA.

Thanks in Advance

6 Replies

royalblues
Level 10

Didn't you have a secondary authentication mechanism enabled on the ASA if the TACACS+ fails?

Narayan

No, I do not have. I was setting up the environment when the server crashed and hence no backup. I am sure that once I get the TACACS configured, things should be fine, since using the same TACACS I was able to connect back to the Cisco Aironet.

Hi,

Please check the failed attempts log in ACS and let us know what is the authen-error-code.

Regards,

Vivek

In the failed attempts I am getting "un-known". When I am trying to initiate a telnet connection, in the console of the PIX I could see "aaa server host machine not responding". I believe there is some setting in the ACS which I am missing out.

Hi,

I believe you are getting the Unknown NAS error. Please add the device in the network configuration as an AAA client. Make sure you are using the right protocol (TACACS/RADIUS) and the right key as per the device config.

Regards,

Vivek

I have the configuration in the network configuration option. What else could be the reason?