How to remove aaa-server from PIX
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-08-2013 07:36 AM - edited 03-10-2019 08:10 PM
At one point I'd setup access for a VPN. I would now like to remove it, but can't find a way to "no" out the commands. Here's config from my PIX 506e:
***
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
- - -
access-list 101 permit tcp any host xx.xx.xxx.xxx eq 2000
access-list 101 permit tcp any host xx.xx.xxx.xxx eq 2002
access-list 101 permit tcp any host xx.xx.xxx.xxx eq h323
access-list 101 permit udp any host xx.xx.xxx.xxx eq 2427
access-list 101 permit udp any host xx.xx.xxx.xxx eq 5060
access-list 101 permit udp any host xx.xx.xxx.xxx eq 5062
---
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
***
I've tried "no aaa-server TACACS+ protocol tacacs+" - I get "cannot remove pre-defined server_tags"
I'm not trying to remove them, I just want to turn aaa off.
Help?
Thanks,
Lane
- Labels:
-
AAA

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-08-2013 07:52 AM
This is unlike IOS where you can do "no aaa new-model". You first need to remove tacacs configuration before you remove the server group. Could you please attach the complete running config from the firewall.
Jatin Katyal
- Do rate helpful posts -
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-08-2013 09:34 AM
