11-23-2010 05:30 AM - edited 03-10-2019 05:36 PM
Hello,
I have ACS 4.2. I configured a Network Device Group for firewalls. In my NDG I have 3 firewalls. I configured my firewalls just for basic authentication.
I entered 2 usernames/passwords in my ACS.
1. For my first firewall, 2 usernames/passwords are working fine.
2. My second firewall: only one username/password is working.
3. My third firewall: both usernames/passwords are working.
Of course, all the firewalls have the same configuration in terms of authentication. When I checked the reports or the logs, it says AUTHEN OK.
What seems to be the problem here? Note: the shared secret is the same for all, NDG/AAA CLIENTS - Firewall.
Thank you.
Accepted Solutions

11-23-2010 05:34 AM
I would try to turn on "debug aaa" on all three firewalls and compare the output when you log on with a user that works and a user that doesn't work.
Warning! Be careful when using debug commands; if the firewall is heavily loaded and you by accident turn on "debug all", you can cause big problems.

11-23-2010 05:45 AM
Hello,
Thanks for the reply. I already tried the debug aaa .... but it did not give me any output.

11-23-2010 06:01 AM
It didn't give you any output at all?
If so, I suspect you haven't configured terminal logging; either do that or connect with a console cable.
If it's an ASA box, more info @ http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_syslog.html
11-23-2010 07:43 AM
Hello,
Yes, it didn't. Terminal monitor is also enabled. Maybe it is a different command, unlike the router. I'll try it again tomorrow.
I just wonder: ACS gives me AUTHEN OK for the passed authentication, and the firewall also gives me authentication successful.
Thanks and best regards.
