Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1650
Views
20
Helpful
4
Replies

which is the equivalent to "ip tacacs source-interface" in FW ASA

Diego Gustavo Tejada Rodriguez
Level 1
Level 1

‎09-14-2021 11:12 AM

Hi. I need to authenticated my Cisco ASA with a Tacacs Server that is located through the outside interface. But I need specified the request with the ip address inside. I've been searching but can't find anything . Someone know how can I do this?ASA, tacacs, authentication, AAA

Labels:
0 Helpful
4 Replies 4

Sheraz.Salim
VIP
VIP

‎09-14-2021 12:19 PM - edited ‎09-14-2021 12:31 PM

If your tacas server is at outside in that case you have to specify the outside interace. unless you do a nat

 

Sorrry i did not read properly

 

aaa-server Name (outside) host X.X.X.X

 

*Name = Enter a AAA server group

please do not forget to rate.

Diego Gustavo Tejada Rodriguez
Level 1
Level 1
In response to Sheraz.Salim

‎09-14-2021 01:22 PM

Hi. Umm no. That It's a normal configuration. But our case. The tacacs server doesn't allow IP of the outside subnet (it's public). the server only allows IP addresses from the Inside segment 

 

tacacs.jpg

Sheraz.Salim
VIP
VIP
In response to Diego Gustavo Tejada Rodriguez

‎09-14-2021 01:52 PM

Is there a site to site vpn between ASA and the Tacacs? might you consider creating one as you request is the Tacacs server only allow the inside address. having a site to site tunnel will fix this issue.

please do not forget to rate.

balaji.bandi
Hall of Fame
Hall of Fame

‎09-14-2021 12:23 PM

example :

 

 aaa-server servergroup1 outside host x.x.x.x

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Customers Also Viewed These Support Documents