12-12-2011 06:19 AM - edited 03-10-2019 06:37 PM
Hello,
I have configured ACS 5.1 and am using TACACS. I have two Juniper SSG140 FWs in different subnets. TACACS authentication is working on one SSG140 FW, but not on the other one. The TACACS configuration on both FWs is exactly the same. Both FWs have been added in the ACS server with the same shared secret key, same profile, etc. I don't even see the authentication requests from the FW. ACS can ping both FWs and vice versa. But no joy. Your help will be appreciated.
set auth-server "TACACS" id 1
set auth-server "TACACS" server-name "11.X.1XX.X"
set auth-server "TACACS" account-type admin
set auth-server "TACACS" timeout 15
set auth-server "TACACS" type tacacs
set auth-server "TACACS" tacacs secret "asd234k234l23kSLDF2343423242348SFL=="
set auth-server "TACACS" tacacs port 49
Rgds
12-14-2011 09:40 PM
Please capture the traffic between source and destination, and check whether TACACS packets are reaching the ACS server or not. If you have 2 ACS servers (Primary & Secondary), try to configure them one by one in the SSG140 FWs and check.
12-28-2011 04:27 AM
Hi,
Thanks for your instructions. I found the issue, which was to replace the command on the SSG140 FW from "admin auth server local" to "admin auth server TACACS".
Thx
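The resolution above suggests a quick offline check when two firewalls look identically configured: compare which auth-server admin logins are bound to. The following is an added example, not code from the thread's participants; the `set` prefix on the admin binding line, the Local default when no binding line exists, and the sample configs and address are assumptions.

```python
import re

# set auth-server "<name>" <key> <value>, as in the config posted in the thread
AUTH_SERVER = re.compile(r'^set auth-server "([^"]+)" (type|account-type) (\S+)$')
# set admin auth server <name>; the "set" prefix and optional quotes are assumed
ADMIN_AUTH = re.compile(r'^set admin auth server "?([^"\s]+)"?$', re.I)

def parse(config_text):
    """Return ({server: {key: value}}, admin_auth_server) from a config dump."""
    servers, admin = {}, "Local"  # assumption: Local applies when no binding line exists
    for line in map(str.strip, config_text.splitlines()):
        if m := AUTH_SERVER.match(line):
            servers.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
        elif m := ADMIN_AUTH.match(line):
            admin = m.group(1)
    return servers, admin

def audit(config_text):
    """List reasons why admin logins would not be sent to a TACACS+ server."""
    servers, admin = parse(config_text)
    findings = []
    if not any(s.get("type") == "tacacs" for s in servers.values()):
        findings.append("no auth-server of type tacacs is defined")
    if admin.lower() == "local":
        findings.append("admin auth server is Local; logins are checked locally")
    elif admin not in servers:
        findings.append(f"admin auth server {admin!r} is not a defined auth-server")
    elif servers[admin].get("type") != "tacacs":
        findings.append(f"admin auth server {admin!r} is not of type tacacs")
    return findings

# Constructed sample configs (placeholder address, secret line omitted on purpose).
DEFINITION = '''set auth-server "TACACS" id 1
set auth-server "TACACS" server-name "192.0.2.10"
set auth-server "TACACS" account-type admin
set auth-server "TACACS" type tacacs
set auth-server "TACACS" tacacs port 49
'''
WORKING = DEFINITION + 'set admin auth server "TACACS"\n'
BROKEN = DEFINITION + 'set admin auth server "Local"\n'

if __name__ == "__main__":
    for name, cfg in (("working", WORKING), ("broken", BROKEN)):
        print(name, audit(cfg) or "admin logins are bound to TACACS")
```

Running it against saved configs from both firewalls shows the difference even when the `set auth-server` blocks match line for line.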