Showing results for 
Search instead for 
Did you mean: 

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.


TACACS+ configuration for Cisco ASA

I tired configuring TACACS+ configuration for ASA but unable to complete it. I have ACS 3.3 for all other Cisco Routers and Switches



If you post the configuration of the ASA we might be able to see what the issue is. But so far we do not have nearly enough information to analyze the problem.





So the problem lies in ASA but not ACS authentication or authorization issue?

Because it is not convenient for me to post the config can u tell me what is the typical configuration for ASA to communicate with ACS via RSA tokens?

I search at Cisco website but they never say how to do it. Plus currently my wireless controllers and ASA GUI are unable to use RSA tokens to authenticate.

Really need some help from all expert out there.

Thank you very much


We do not yet know for sure where the problem is. But based on your description of the symptoms I believe that it is more likely a problem in configuration of the ASA then in the ACS or the RSA tokens. If we get additional information and believe that it is not an ASA configuration issue then we can look at the ACS and the RSA tokens for possible issues.

There are several options in how to configure the ASA and it would be better if we could see how you have configured the ASA rather than attempt to guess which configuration options would fit your circumstance.





ok my ASA and wireless controllers authenticate using TACACS+ through ACS. Currently my local database in ACS works but when i start using RSA the GUI failed to lunch and got hang. It seemed that it authenticate successful at RSA but when returned the credential to ASA it failed.

Why is this so? Has anyone tried using RSA tokens and able to authenticate w ASA and wireless controllers GUI.


I was looking around and come across this post. It's very late, however, wanted to add my inputs for other community members.

RSA Token/One-Time-Password support available with ASDM only in SINGLE ROUTED MODE. If you are in Single Routed Mode, you can do OTP with ASDM if you are running ASA 8.2+  with ASDM 6.2+.

If the firewall is running in multi-context and transparent mode. It won't work. Below is the enhancement request that was filed for the same feature to be supported.

CSCtf23419    ASDM OTP authentication support in multi-context and transparent modes

With WLC is yet not possible and there is a enhancement request filed.

CSCuf61598    WLC: Need ability to support multiple sessions via OTP authentication

Jatin Katyal

**Do rate helpful posts**

Ravi Singh
Rising star

Please see the below guide for TACACS+ configuration on ASA

Recognize Your Peers
Content for Community-Ad

ISE Webinars

Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube