03-26-2021 06:19 PM
Hello
I need to know how to configure ISE version 2.4.0.357 so TACACS login and authentication will work on a Juniper Netscreen SSG-550.
The problem is the username and password fail, and ISE reports unknown AAA not found. What do I need to load to get the SSG-550 to authenticate via ISE?
The config on the Juniper is below:
set-auth-server "Cisco-ACS" id 1
set-auth-server "Cisco-ACS" server-name "192.168.1.1"
set-auth-server "Cisco-ACS" account-type admin
set-auth-server "Cisco-ACS" type tacacs
set-auth-server "Cisco-ACS" tacacs secret Password123
set-auth-server "Cisco-ACS" type tacacs port 49
set auth default auth server "Cisco-ACS"
03-26-2021 08:05 PM
Hi,
Try the following link: ISE Security Ecosystem Integration Guides, search for Juniper.
Hope this helps!!!
03-28-2021 03:54 PM
It sounds like you're wanting to use ISE for Device Administration of the Juniper device. See the steps for configuring the Network Device and Network Device Groups in the Cisco ISE Device Administration Prescriptive Deployment Guide.
The logs for unknown AAA device usually mean that either the Network Device has not been configured in ISE yet or ISE is seeing the TACACS/RADIUS request coming from a different IP address than the one that was configured for the NAD. Make sure you are sourcing the TACACS traffic from the same IP that you are configuring in ISE for the Juniper device.
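The source-address check described in the reply above, as an added example that is not part of the original thread: it compares the addresses TACACS+ requests actually arrive from against the addresses entered for network devices. The inventory, the observed addresses and the function names are constructed for illustration, and most-specific-match for overlapping entries is an assumption of this sketch.

```python
import ipaddress

# Constructed inventory: device name -> address or subnet entered for that device.
NAD_INVENTORY = {
    "SSG-550": "10.10.10.1/32",
    "branch-switches": "10.20.0.0/24",
}

# Constructed observations: source addresses of TACACS+ (TCP/49) requests
# as seen at the AAA server, e.g. taken from a packet capture.
OBSERVED_SOURCES = ["10.10.10.1", "10.10.20.1", "10.20.0.57"]


def match_nad(source_ip, inventory):
    """Return the name of the most specific entry containing source_ip, or None."""
    addr = ipaddress.ip_address(source_ip)
    best = None
    for name, cidr in inventory.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if addr.version != net.version or addr not in net:
            continue
        # Assumption: when entries overlap, the longest prefix wins.
        if best is None or net.prefixlen > best[1].prefixlen:
            best = (name, net)
    return best[0] if best else None


def audit_sources(sources, inventory):
    """Map each observed source to its matching entry; None means no entry matches."""
    return {src: match_nad(src, inventory) for src in sources}


def unknown_sources(sources, inventory):
    """Sources that match no configured device and would be logged as unknown."""
    return sorted(s for s, n in audit_sources(sources, inventory).items() if n is None)


if __name__ == "__main__":
    for src, name in audit_sources(OBSERVED_SOURCES, NAD_INVENTORY).items():
        print(f"{src:15} -> {name or 'NO MATCH (would be treated as an unknown device)'}")
```

Here 10.10.20.1 stands for a second interface on the same firewall: the device is defined, but the request leaves from an address that was not entered for it, so it matches nothing.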