cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

753
Views
0
Helpful
1
Replies
sbrooke
Beginner

ACS 5.3, ASA using TACACS+ forces to PAP?

As the title says I'm trying to have an ASA (8.2.3) auth against an ACS 5.3 using TACACS+.  It only works if I have PAP enabled on the ACS.  Obviously this concerns me.  I've found the following reference in the configuration guides:

TACACS+ Server Support

The ASA supports TACACS+ authentication with ASCII, PAP, CHAP, and MS-CHAPv1.

I can't figure out how to make the ASA use MS-CHAPv1 though.  Seems like it should be pretty simple.

Incidentally I was having the same problem with VPN auth's using RADIUS but I was able to fix that by enabling the password management option which is only available in CHAPv2.  Seems that option isn't available under TACACS+.

Any suggestions?

1 REPLY 1
Tim Glen
Beginner

As far as I am aware the asa will only use PAP to authenticate console exec logins. I wish it used chap-v2.

Sent from Cisco Technical Support iPhone App

Content for Community-Ad