
TACACS via an ASA

dphills18

Is it possible for a Cisco device (router or switch) to authenticate to an ACS via an ASA utilizing Network Address Translation? If so, what needs to be added to a config for this to take place?


Collin Clark

Sure it can (we do it). You just need to translate from outside to inside. Here is an example; assume ACS is 192.168.1.10.

static (inside,outside) 192.168.1.10 access-list TACACS tcp 65535 10000

Since the static uses an ACL, here is that part as well:

access-list TACACS extended permit ip host 192.168.1.10 host [public IP]

The public IP in our case is the internet router and it requires a static route for the private IP pointing to the firewall.

Hope that helps.
