Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1527
Views
0
Helpful
6
Replies

ACS 4 configuration issue

kjanakiraman
Level 1
Level 1

‎04-25-2007 06:29 AM - edited ‎03-10-2019 03:07 PM

I had set up Cisco ACS for TACACS authentication for Cisco Aironet and Cisco ASA. Unfortunately the server crashed and i did not have backup. But i had the secret key and other server information. I re-installed the Cisco ACS and could successfully autenticate to Cisco Aironet, but cisco ASA is giving me access denined when trying through SSH by giving username and password. Under ACS

Created username and password and remaining i left for group setting. under group setting i enabled shell (exec) and privilige level 15. I made the maximum privilge level for AAA clients to 15 and tried enabling and disabling the command level authroization and checked allow unmatched argument, but still getting the same error. The cisco site is also referring to the same. Is there any option i am missing out? Request assistace since i am not able to connect to the ASA.

Thanks in Advance

Labels:
0 Helpful
6 Replies 6

royalblues
Level 10
Level 10

‎04-25-2007 08:37 AM

Didn't you have a secondary authentication mechanism enabled on the ASA if the TACACS+ fails

Narayan

0 Helpful

kjanakiraman
Level 1
Level 1
In response to royalblues

‎04-25-2007 05:42 PM

No i do not have. I was setting up the environment when the server crashed and hence no backup. I am sure that once i get the TACACS configured, things should be fine since using the same TACACS i was able to connect back to cisco Aironet

0 Helpful

Vivek Santuka
Cisco Employee
Cisco Employee
In response to kjanakiraman

‎04-26-2007 07:43 AM

Hi,

Please check the failed attempts log in ACS and let us know what is the authen-error-code.

Regards,

Vivek

0 Helpful

kjanakiraman
Level 1
Level 1
In response to Vivek Santuka

‎04-26-2007 06:11 PM

In the failed attempts i am getting "un-known" When iam trying to initiate a telent connection, in the console of the Pix i could see "aaa server host machine not responding". I believe there is some setting in the ACS which i am missing out.

0 Helpful

Vivek Santuka
Cisco Employee
Cisco Employee
In response to kjanakiraman

‎04-27-2007 04:21 AM

Hi,

I believe you are getting UnKnown Nas error. Please add the device in the network configuration as a AAA client. Make sure you are using the right protocol (Tacacs/Radius) and right key as per device config.

Regards,

Vivek

0 Helpful

kjanakiraman
Level 1
Level 1
In response to Vivek Santuka

‎04-27-2007 06:14 AM

I have the configuration in the network configuration option. What else could be the reason?

0 Helpful
Customers Also Viewed These Support Documents