Re: which is the equivalent to "ip tacacs source-interface"

Diego Gustavo Tejada Rodriguez · ‎09-14-2021

Hi. I need to authenticated my Cisco ASA with a Tacacs Server that is located through the outside interface. But I need specified the request with the ip address inside. I've been searching but can't find anything . Someone know how can I do this?ASA, tacacs, authentication, AAA

Sheraz.Salim · ‎09-14-2021

If your tacas server is at outside in that case you have to specify the outside interace. unless you do a nat

Sorrry i did not read properly

aaa-server Name (outside) host X.X.X.X

*Name = Enter a AAA server group

please do not forget to rate.

Diego Gustavo Tejada Rodriguez · ‎09-14-2021

Hi. Umm no. That It's a normal configuration. But our case. The tacacs server doesn't allow IP of the outside subnet (it's public). the server only allows IP addresses from the Inside segment

Sheraz.Salim · ‎09-14-2021

Is there a site to site vpn between ASA and the Tacacs? might you consider creating one as you request is the Tacacs server only allow the inside address. having a site to site tunnel will fix this issue.

please do not forget to rate.

balaji.bandi · ‎09-14-2021

example :

 aaa-server servergroup1 outside host x.x.x.x

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

which is the equivalent to "ip tacacs source-interface" in FW ASA