07-16-2008 07:32 AM - edited 03-10-2019 03:58 PM
I have an ACS 4.1 Windows server running TACACS. It is working on all devices within the enterprise except for one new ASA at a remote site. There is no NAT going on or anything, and the ASA can ping the ACS box and the ACS box can ping the ASA.
I added the configuration below, but the authentication fails and no requests come to the ACS server:
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ host 10.x.x.x
 key password
aaa authentication ssh console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authentication http console TACACS+ LOCAL
Any help would be greatly appreciated.
07-16-2008 10:31 AM
Hi,
Is there any FW device in between which may be blocking the TACACS ports?
Also run this test on the ASA box:
myASA# test aaa-server authentication TACACS+ host 10.x.x.x
07-17-2008 07:58 AM
There are no firewalls in between the devices. I ran the test command and received the following:
ERROR: Authentication Server not responding: No error
07-17-2008 09:50 AM
Just to confirm - did you add the ASA box as AAA client on the ACS server and are you using the same KEY here in the ASA config?
07-18-2008 07:16 AM
Hey, can somebody help me also? I am also having the same problem.
07-18-2008 07:22 AM
Please check the shared secret key. Remember, the NDG key overwrites the AAA client key.
Make sure ACS has the correct IP address of the ASA in network configuration.
Do you see any hits on ACS failed or passed attempts? Also try increasing the TACACS timeout to 15 sec.
07-18-2008 08:31 PM
Make sure the address you've added to ACS is the one the ASA is communicating from - in this case, it should be the interface closest to the ACS device.
07-21-2008 05:40 AM
The ASA which is experiencing issues connects to the subnet the ACS box is on over an IPSec tunnel. There are numerous other ASAs configured just like this, and they are configured with the inside IP address on the ACS server.