07-20-2004 06:12 AM - edited 03-10-2019 07:55 AM
Can anyone help me with this...
On a Cisco router you can configure it to attempt to authenticate against the ACS server, and fail over to the local password.
I want to set up the same on a PIX firewall, but can find no way to get it to use a local password when the server is unavailable.
Any pointers?
Thanks
08-09-2004 03:58 PM
You have to be on the new PIX code, 6.3(4), that came out a few weeks ago. It allows an aaa failback.
Here are the commands to do it. In this example, I named the aaa server group TACACS+.
aaa-server TACACS+ (inside) host XXX.XXX.XXX.XXX {ACS_KEY} timeout {10}
aaa authentication ssh console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
You can also use the aaa authorization command for ACS command authorization.
aaa authorization command TACACS+ LOCAL
The problem I'm having with this is that I can't console into the PIX while authorizing to the ACS Server.
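An added example, not part of the original posts: a small Python audit that reads PIX-style configuration text and reports, for each `aaa authentication ... console` and `aaa authorization command` line of the form quoted above, whether it names a defined server group and ends in the `LOCAL` fallback. The sample configuration is constructed (placeholder address and key, plus a `telnet` line with no fallback added for contrast), and the function name and status labels are this example's own.

```python
import re

# Constructed sample, modelled on the commands quoted in the post above.
# 192.0.2.10 and EXAMPLEKEY are placeholders; the telnet line is added here
# to show a method that would have no fallback when the server is unreachable.
SAMPLE_CONFIG = """\
aaa-server TACACS+ (inside) host 192.0.2.10 EXAMPLEKEY timeout 10
aaa authentication ssh console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authentication telnet console TACACS+
aaa authorization command TACACS+ LOCAL
"""

AAA_SERVER = re.compile(r"^aaa-server\s+(?P<group>\S+)\s+\S")
AAA_USE = re.compile(
    r"^aaa\s+(?:authentication\s+(?P<method>\S+)\s+console|"
    r"authorization\s+command)\s+(?P<rest>\S.*)$"
)

def audit_fallback(config_text):
    """Return (line_no, scope, first_method, status) for each aaa usage line.

    status is one of: fallback, no-fallback, local-only, undefined-group.
    """
    lines = [line.strip() for line in config_text.splitlines()]
    # First pass: collect server group names so order in the file does not matter.
    defined = {m.group("group") for line in lines if (m := AAA_SERVER.match(line))}
    findings = []
    for number, line in enumerate(lines, start=1):
        m = AAA_USE.match(line)
        if not m:
            continue
        tokens = m.group("rest").split()
        scope = m.group("method") or "command authorization"
        if tokens[0] == "LOCAL":
            status = "local-only"        # never contacts the server
        elif tokens[0] not in defined:
            status = "undefined-group"   # references a group with no aaa-server line
        elif tokens[1:2] == ["LOCAL"]:
            status = "fallback"          # server first, LOCAL if it is unavailable
        else:
            status = "no-fallback"       # lockout risk when the server is down
        findings.append((number, scope, tokens[0], status))
    return findings

if __name__ == "__main__":
    for number, scope, first, status in audit_fallback(SAMPLE_CONFIG):
        print(f"line {number}: {scope:<21} {first:<8} {status}")
```
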
08-25-2004 04:25 PM
Thanks a lot.
08-19-2004 11:16 AM
with pix 5.0(3)
with tacacs available
pix password: pix_internal_password
username: tacacs_user_name
password: tacacs_password
pix> enable
username: tacacs_user_name
password: tacacs_password
pix#
when tacacs is down
pix password: internal_pix_password
username: pix
password: internal_pix_enable_password
*this takes awhile to timeout tacacs before accepting it*
pix> enable
username: pix
password: internal_pix_enable_password
pix#
---------------------------------------------------
pix version 6.2(2)
with tacacs available
username: tacacs_username
password: tacacs_password
pix> enable
password: tacacs_configured_enable_password
pix#
without tacacs available
username: pix
password: internal_pix_enable_password
*takes awhile*
pix> enable
password: internal_pix_enable_password
*takes awhile*
pix#
This is the default behaviour of the pix. I only configured tacacs for login and enable on the pix. The recovery functionality is built into the pix as long as you have a password and enable password configured on the pix. Let me know if you have any other questions.