Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
569
Views
0
Helpful
1
Replies

PIX backdoor if AAA server fails

stretchlad
Level 1
Level 1

‎10-26-2005 06:15 AM - edited ‎03-10-2019 02:21 PM

Is it possible to have a backway into the PIX should the AAA server fail ie Console port access?

Currrntly we use AAA authentication, authorization and accounting with out Tacacs server. Pix configured as follows:

aaa-server TACACS+ protocol tacacs+

aaa-server ACS protocol tacacs+

aaa-server ACS host x.x.x.x xxxx

aaa authentication telnet console ACS

aaa authentication enable console ACS

aaa authorization command ACS

aaa accounting command ACS

To my mind once I access the serial port it will try and do enable authentication using AAA.

Thanks in advance.

Labels:
0 Helpful
1 Reply 1

hperez
Level 1
Level 1

‎10-31-2005 02:57 PM

There is usually one user configured inside the platform for backway access to the PIX

I mean, you are recommended to configure an user account into the pix, i say locally to grant access to the PIX in case AAA failure (PIX can contact AAA Server or AAA server down).

In the case you can not contact by lan (routing protocols or port failure), you always can access by console with this user.

Regards

Roberto

0 Helpful
Customers Also Viewed These Support Documents