Cisco 5525 ASA TACACS Authentication Problem.

netbeginner
Level 2

Hi Experts,

Due to some suspected recent policy implementation/changes on the 5525 ASA, it is not getting authenticated on TACACS (ACS). However, we are getting the prompt for username/password.

We also have a local username/password, through which we are able to log in to the ASA but not able to execute any command; it shows "command authorization failed", like:

Cisco-asa> en
Password: ***********
Cisco-asa# conf t
Command authorization failed
Cisco-asa#

Due to this issue, we are also not getting authenticated on upper devices (above the ASA).

Below is the configuration for ACS (TACACS) for reference (taken from an old configuration backup):

aaa-server ACS protocol tacacs+
 accounting-mode simultaneous
aaa-server ACS (Inside) host 10.50.10.100
 key Cisco@123
aaa-server ACS (Inside) host 10.50.10.101
 key Cisco@123
user-identity default-domain LOCAL
aaa authentication enable console ACS LOCAL
aaa authentication http console ACS LOCAL
aaa authentication ssh console ACS LOCAL
aaa authorization command ACS
aaa accounting enable console ACS
aaa accounting ssh console ACS
aaa accounting command ACS

Requesting you to please guide us in resolving the problem.

Rgds

*** 

1 Reply

I think you could just delete the authorization command. In my experience, if you are allowed to log in then you want to be authorised automatically; authentication is usually enough.
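An added example, not part of the original thread: a small Python audit of the AAA lines posted above, flagging any authentication or authorization line that names a remote server group with no trailing `LOCAL` fallback. It assumes the symptom comes from the ACS servers being unreachable, which the thread does not confirm; `audit_aaa` and the issue labels are hypothetical names.

```python
import re

# AAA lines copied from the configuration posted above (key lines omitted).
POSTED_CONFIG = """\
aaa-server ACS protocol tacacs+
aaa-server ACS (Inside) host 10.50.10.100
aaa-server ACS (Inside) host 10.50.10.101
aaa authentication enable console ACS LOCAL
aaa authentication http console ACS LOCAL
aaa authentication ssh console ACS LOCAL
aaa authorization command ACS
aaa accounting command ACS
"""

GROUP_DEF = re.compile(r"^aaa-server (\S+) protocol \S+", re.M)
AAA_LINE = re.compile(r"^aaa (?:authentication|authorization) (.+)$")


def audit_aaa(config):
    """Return findings for authentication/authorization lines whose method
    list names a server group without LOCAL after it, or names a group that
    is never defined with 'aaa-server <name> protocol ...'."""
    groups = set(GROUP_DEF.findall(config))
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        m = AAA_LINE.match(line)
        if not m:
            continue
        tokens = m.group(1).split()
        # The method list follows the 'console' or 'command' keyword.
        idx = next((i for i, t in enumerate(tokens)
                    if t in ("console", "command")), None)
        methods = tokens[idx + 1:] if idx is not None else []
        if not methods or methods[0] == "LOCAL":
            continue  # local-only, or a form this sketch does not parse
        if methods[0] not in groups:
            findings.append({"line": line, "issue": "undefined-group"})
        if "LOCAL" not in methods[1:]:
            findings.append({"line": line, "issue": "no-local-fallback"})
    return findings


if __name__ == "__main__":
    for f in audit_aaa(POSTED_CONFIG):
        print(f"{f['issue']}: {f['line']}")
```

On the posted configuration the only finding is `aaa authorization command ACS`: the three authentication lines can fall back to `LOCAL`, which matches a local login succeeding while every command is refused.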