I have posted another discussion regarding the same issue; unfortunately, I am still looking for a response.
I am now not able to find my old post here :-( . Please find the problem we are facing again.
1) Our ASA 5525 (configured in Active - Passive mode) has not been authenticating through TACACS (ACS) credentials for 2 days. Earlier it was working fine. It seems the logical connectivity between the ASA and ACS broke. We suspect some routing issue on the ASA or a wrong policy implemented accidentally by a team member.
2) We are able to log in to the ASA with the local password, but the ASA is not allowing us to run any command. We get the message "Command Authorization failed" on execution of any CLI command.
Overall, we are not able to check any routing issue or wrong policy on ASA.
The ACS-related configuration on the ASA is as follows (taken from the backup configuration we have).
So your problem is the "aaa authorization command ACS" line. I am 99% sure you have locked yourself out, because what this says is that all commands must be authorized by ACS, and if ACS is unreachable, fail. You needed the local keyword after it to fall back to using the privilege level if ACS is unreachable. At this point your only option is password recovery.
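A check that can be run over a saved ASA configuration backup to catch this condition before it is deployed, as an added example that is not part of the original thread: it flags every `aaa authentication` or `aaa authorization` line that names a defined server group without the fallback keyword, which ASA configuration writes in upper case as `LOCAL`. The sample configuration, the group name `ACS`, the address and the function names are constructed for illustration; the poster's real configuration is not shown on the page.

```python
import re

# Constructed sample backup (assumption: not the poster's actual configuration).
SAMPLE_CONFIG = """\
aaa-server ACS protocol tacacs+
aaa-server ACS (inside) host 192.0.2.10
aaa authentication ssh console ACS LOCAL
aaa authentication enable console ACS
aaa authorization command ACS
"""

# Matches "aaa authentication ..." / "aaa authorization ...", but not "aaa-server ...".
AAA_LINE = re.compile(r"^aaa\s+(authentication|authorization)\s+(.+)$")


def server_groups(config):
    """Return the server group names defined by 'aaa-server <name> protocol <proto>'."""
    pattern = r"^aaa-server\s+(\S+)\s+protocol\s+\S+"
    return {m.group(1) for m in re.finditer(pattern, config, re.M)}


def audit_fallback(config):
    """List (line number, kind, line) for AAA lines that use a remote
    server group with no LOCAL fallback, i.e. lines that fail closed
    when the AAA server is unreachable."""
    groups = server_groups(config)
    findings = []
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        m = AAA_LINE.match(line)
        if not m:
            continue
        tokens = m.group(2).split()
        uses_remote_group = any(t in groups for t in tokens)
        if uses_remote_group and "LOCAL" not in tokens:
            kind = f"{m.group(1)} {tokens[0]}"
            findings.append((lineno, kind, line))
    return findings


if __name__ == "__main__":
    for lineno, kind, line in audit_fallback(SAMPLE_CONFIG):
        print(f"line {lineno}: no LOCAL fallback for {kind}: {line}")
```

An "authorization command" finding corresponds to the situation in this thread: a local login still succeeds, but every command is refused while the server group is unreachable.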