Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
363
Views
0
Helpful
0
Replies

ACS 5.4 1121 two NICs causes deny tcp (no connection) on ASA log

Scott Robertson
Level 1
Level 1

ā€Ž07-19-2013 10:21 AM - edited ā€Ž03-10-2019 08:40 PM

ASA ACS.jpg

Hello,

I have two ACS 1121 appliances and we have configured a second NIC port (Gig 0 and 1) on the appliances in seperate subnets.

Gig 0 Nic is configured with IP on my management VLAN 10.

Gig 1 Nic is configured on production VLAN 20 for TACACS authentication of my network devices.

The  Switch management IP is also in VLAN 10.

The ASA is spewing out Deny tcp (no connection) 49/ flags RST messages whenever I connect both ACS nics to network and attempt to login into my switch.

Seems like I have a routing issue. If I remove Gig 0 ASA does not complain with above error.

Switch has vlan 10 ip address as tacacs source interface and mgt ip.

Question : On the ACS 1121 appliance what should I set the ip default gateway to? VLAN 10 or VLAN 20 gateway?

Question: Should I remove  ip default gateway statement on ACS appliance when I have two nics connected?

Question: Will ACS 1121 attempt to respond to TACACS requests on both Gig 0 and 1 interfaces or just Gig 1?

We have a security requirement to have the ACS management interface in a mgt vlan (10) and another ACS interface for responding to tacacs request vlan (20).

Best regards

Scott

.

Labels:
Preview file
41 KB
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents