PIX 525 aaa authentication with both tacacs and local

mferhai
Level 1

Hi,

I have configured the aaa authentication for the PIX with tacacs protocol (ACS Server).

It works fine. Now I would like to add backup authentication, as follows:

- If the ACS goes down, I can be authenticated with the local database.

Is it possible with PIX? If yes, how?

3 Replies

sstudsdahl
Level 4

You need to be running PIX OS 6.3(4) in order to have a fallback aaa authentication method. On the line where you have TACACS+ authentication set up, just add LOCAL to it for the fallback method. The command should look like:

aaa authentication ssh console TACACS+ LOCAL

This of course will change based upon the access method you choose, i.e., HTTP, CONSOLE, or SSH/TELNET.

Steve
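A way to check a saved configuration for the fallback described in the reply above, as an added example that is not part of the original thread or any Cisco tooling. It assumes the saved config begins with a `PIX Version x.y(z)` line and that local accounts appear as `username` lines; the sample configuration is constructed.

```python
import re

# Minimum release with LOCAL fallback, as stated in the reply above.
MIN_FALLBACK = (6, 3, 4)
# aaa authentication <method> console <server-tag> [LOCAL]
# "authen" and longer spellings are accepted, since configs often abbreviate.
CONSOLE_RE = re.compile(
    r"^aaa\s+authen\w*\s+(\S+)\s+console\s+(\S+)(?:\s+(\S+))?\s*$", re.I)
# Assumed banner format of a saved configuration.
VERSION_RE = re.compile(r"^PIX Version (\d+)\.(\d+)\((\d+)\)")

def audit(config: str) -> list[str]:
    """Return findings about console-access fallback in a PIX config."""
    findings, version, has_local_user, methods = [], None, False, []
    for raw in config.splitlines():
        line = raw.strip()
        if m := VERSION_RE.match(line):
            version = tuple(int(g) for g in m.groups())
        elif line.lower().startswith("username "):
            has_local_user = True  # at least one local account exists
        elif m := CONSOLE_RE.match(line):
            methods.append(m.groups())
    for method, group, fallback in methods:
        if group.upper() == "LOCAL":
            continue  # already authenticates against the local database
        if (fallback or "").upper() != "LOCAL":
            findings.append(f"{method}: no LOCAL fallback after {group}")
        elif version and version < MIN_FALLBACK:
            findings.append(f"{method}: LOCAL fallback needs 6.3(4), found "
                            f"{version[0]}.{version[1]}({version[2]})")
    uses_local = any("LOCAL" in (g.upper(), (f or "").upper())
                     for _, g, f in methods)
    if uses_local and not has_local_user:
        findings.append("LOCAL authentication configured but no local username defined")
    return findings

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
PIX Version 6.3(3)
aaa-server TACACS+ protocol tacacs+
aaa authentication ssh console TACACS+ LOCAL
aaa authen enable console TACACS+
aaa authentication telnet console LOCAL
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Lines such as `aaa authentication include ...` are ignored, because they govern traffic through the firewall rather than administrative access to it.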

Thanks for your help,

This is what I did... now I understand where the problem was. Indeed, I have 6.3(3), so I need to upgrade the IOS of the PIX.

I will let you know once it is done.

Regards

shankar_sify
Level 1

Hi,

I am trying to configure aaa using TACACS+, but I am not able to close. The problems are:

1. It doesn't ask for username/password in the first level.

2. On the second level it asks for the username, but it doesn't authenticate the user.

Could you please let me know if the following config is correct? If not, could you help me?

aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (outside) host ip.ip.ip.ip key timeout 15
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa authentication include tcp/0 inside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 TACACS+
aaa authentication include tcp/0 outside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 TACACS+
aaa authen enable console TACACS+