ACS is not receiving TACACS requests from Juniper SSG140
12-12-2011 06:19 AM - edited 03-10-2019 06:37 PM
Hello,
I have configured ACS 5.1 and am using TACACS. I have two Juniper SSG140 FWs in different subnets. TACACS authentication is working on one SSG140 FW, but not on the other one. The TACACS configuration on both FWs is exactly the same. Both FWs have been added in the ACS server with the same shared secret key, same profile, etc. I don't even see the authentication requests from the FW. ACS can ping both FWs and vice versa. But no joy. Your help will be appreciated.
set auth-server "TACACS" id 1
set auth-server "TACACS" server-name "11.X.1XX.X"
set auth-server "TACACS" account-type admin
set auth-server "TACACS" timeout 15
set auth-server "TACACS" type tacacs
set auth-server "TACACS" tacacs secret "asd234k234l23kSLDF2343423242348SFL=="
set auth-server "TACACS" tacacs port 49
Rgds
12-14-2011 09:40 PM
Please capture the traffic between source and destination, and check whether TACACS packets are reaching the ACS server or not. If you have 2 ACS servers (Primary & Secondary), try to configure them one by one in the SSG140 FWs and check.
12-28-2011 04:27 AM
Hi,
Thanks for your instructions, I found the issue, which was to replace the command on the SSG140 FW from "admin auth server local" to "admin auth server TACACS".
Thx
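
An added example, not part of any post in this thread: a small Python check for the misconfiguration identified in the last reply, where a TACACS auth-server object is defined but admin logins still use the local database, so the firewall never sends a request. The sample configs are constructed, and the `set admin auth server "<name>"` line form and the local default when that line is absent are assumptions.

```python
import re

# Constructed sample config modelled on the lines posted in this thread.
# 192.0.2.10 is a documentation address, not a value from the thread.
BROKEN = '''
set auth-server "TACACS" id 1
set auth-server "TACACS" server-name "192.0.2.10"
set auth-server "TACACS" account-type admin
set auth-server "TACACS" timeout 15
set auth-server "TACACS" type tacacs
set auth-server "TACACS" tacacs port 49
set admin auth server "Local"
'''
FIXED = BROKEN.replace('server "Local"', 'server "TACACS"')

# Attributes of each auth-server object that matter for admin logins.
AUTH_RE = re.compile(r'^set auth-server "([^"]+)" (type|account-type) (\S+)', re.M)
# Assumed line form for the command quoted in the last reply.
ADMIN_RE = re.compile(r'^set admin auth server "?([^"\s]+)"?', re.M)


def check_admin_auth(config):
    """Return (auth server used for admin logins, list of findings)."""
    servers = {}
    for name, key, value in AUTH_RE.findall(config):
        servers.setdefault(name, {})[key] = value

    chosen = ADMIN_RE.findall(config)
    # Assumption: with no explicit line, admin logins use the local database.
    selected = chosen[-1] if chosen else "Local"

    findings = []
    if selected.lower() == "local":
        for name, attrs in servers.items():
            if attrs.get("type") == "tacacs" and attrs.get("account-type") == "admin":
                findings.append(
                    f'auth-server "{name}" is defined for admin accounts but admin '
                    "logins use the local database; no TACACS request will be sent"
                )
    elif selected not in servers:
        findings.append(f'admin auth server "{selected}" is not a defined auth-server')
    elif servers[selected].get("type") != "tacacs":
        findings.append(f'admin auth server "{selected}" is not of type tacacs')
    return selected, findings


if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_admin_auth(cfg))
```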
