Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
304
Views
0
Helpful
3
Replies

Enrolling ASA to ACS

fatalXerror
Level 5
Level 5

‎05-12-2015 08:58 PM - edited ‎03-12-2019 05:45 PM

Hi Experts,

 

Good Day!

 

I need help for my implementation of AAA in ASA. Technically, my ASA has a 2 interfaces which are listed below,

  • INTERNAL
  • Management

My ACS is located at the INTERNAL interface but we need to enroll in the ACS the Management IP of the ASA which is in the Management interface. So, my configuration of AAA look like below,

aaa-server ACS protocol tacacs+

  max-failed-attempts 3

  accounting-mode simultaneous

aaa-server ACS (INTERNAL) host <acs-ip-address>

  key <shared-secret>

My question is, should I configure INTERNAL or Management in the "aaa-server" command? 

 

Thanks,

 

niks

Labels:
0 Helpful
3 Replies 3

Pavel Trinos
Level 1
Level 1

‎05-13-2015 05:28 AM

I do not think you can do that. You will need to specify your inside IP in ACS.

0 Helpful

fatalXerror
Level 5
Level 5
In response to Pavel Trinos

‎05-13-2015 08:17 AM

Hi Pavel,

 

Good Day!

 

Unless there's a link from MGMT port to ACS right? 

 

Thanks

0 Helpful

Henrik Grankvist
Level 4
Level 4

‎05-13-2015 12:52 PM

If you do "show route <IP-of-ACS-server>" it will tell you the answer. It should be the interface that the server is reached on.

0 Helpful
Customers Also Viewed These Support Documents