07-20-2004 06:12 AM - edited 03-10-2019 07:55 AM
Can anyone help me with this...
On a Cisco router you can configure it to attempt to authenticate against the ACS server, and fail over to the local password.
I want to set up the same on a PIX firewall, but can find no way to get it to use a local password when the server is unavailable.
Any pointers?
thanks
08-09-2004 03:58 PM
You have to be on the new PIX code, 6.3(4), that came out a few weeks ago. It allows an aaa failback.
Here are the commands to do it. In this example, I named the aaa server group TACACS+.
aaa-server TACACS+ (inside) host XXX.XXX.XXX.XXX {ACS_KEY} timeout {10}
aaa authentication ssh console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
You can also use the aaa authorization command for ACS command authorization.
aaa authorization command TACACS+ LOCAL
The problem I'm having with this is that I can't console into the PIX while authorizing to the ACS Server.
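An added example, not part of any post in this thread and not Cisco code: a small Python check that reads a saved PIX configuration and reports `aaa authentication ... console` lines that name a server group without the `LOCAL` fallback keyword shown above. It assumes the LOCAL database is populated by `username` lines; the function name, the sample configuration, the address and the key are constructed for illustration.

```python
import re

# Matches: aaa authentication <method> console <server_tag> [LOCAL]
AUTH_RE = re.compile(
    r"^aaa authentication (serial|enable|telnet|ssh|http) console (\S+)"
    r"(?:\s+(LOCAL))?\s*$")

def audit_fallback(config_text):
    """Return a list of findings about AAA fallback in a PIX config (hypothetical helper)."""
    methods = {}      # access method -> (server_tag, has_LOCAL_fallback)
    local_users = []  # names from 'username <name> ...' lines (assumed LOCAL database)
    for raw in config_text.splitlines():
        line = raw.strip()
        m = AUTH_RE.match(line)
        if m:
            methods[m.group(1)] = (m.group(2), m.group(3) == "LOCAL")
        elif line.startswith("username ") and len(line.split()) > 1:
            local_users.append(line.split()[1])

    findings = []
    for method, (tag, fallback) in sorted(methods.items()):
        # A server group with no LOCAL keyword has nothing to fall back to.
        if tag != "LOCAL" and not fallback:
            findings.append(f"{method}: {tag} has no LOCAL fallback")
    # LOCAL is only useful if at least one local account exists.
    uses_local = any(fb or tag == "LOCAL" for tag, fb in methods.values())
    if uses_local and not local_users:
        findings.append("LOCAL fallback configured but no local username defined")
    return findings

# Constructed sample configuration (documentation address, placeholder key).
SAMPLE = """\
aaa-server TACACS+ (inside) host 192.0.2.10 examplekey timeout 10
aaa authentication ssh console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authentication telnet console TACACS+
"""

if __name__ == "__main__":
    for finding in audit_fallback(SAMPLE):
        print(finding)
```
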
08-25-2004 04:25 PM
Thanks a lot.
08-19-2004 11:16 AM
with pix 5.0(3)
with tacacs available
pix password: pix_internal_password
username: tacacs_user_name
password: tacacs_password
pix> enable
username: tacacs_user_name
password: tacacs_password
pix#
when tacacs is down
pix password: internal_pix_password
username: pix
password: internal_pix_enable_password
*this takes awhile to timeout tacacs before accepting it*
pix> enable
username: pix
password: internal_pix_enable_password
pix#
---------------------------------------------------
pix version 6.2(2)
with tacacs available
username: tacacs_username
password: tacacs_password
pix> enable
password: tacacs_configured_enable_password
pix#
without tacacs available
username: pix
password: internal_pix_enable_password
*takes awhile*
pix> enable
password: internal_pix_enable_password
*takes awhile*
pix#
This is the default behaviour of the PIX. I only configured tacacs for login and enable on the PIX. The recovery functionality is built into the PIX as long as you have a password and enable password configured on the PIX. Let me know if you have any other questions.