cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1183
Views
20
Helpful
4
Replies

which is the equivalent to "ip tacacs source-interface" in FW ASA

Hi. I need to authenticated my Cisco ASA with a Tacacs Server that is located through the outside interface. But I need specified the request with the ip address inside. I've been searching but can't find anything . Someone know how can I do this?ASA, tacacs, authentication, AAA

4 Replies 4

Sheraz.Salim
VIP Advisor VIP Advisor
VIP Advisor

If your tacas server is at outside in that case you have to specify the outside interace. unless you do a nat

 

Sorrry i did not read properly

 

aaa-server Name (outside) host X.X.X.X

 

*Name = Enter a AAA server group

please do not forget to rate.

Hi. Umm no. That It's a normal configuration. But our case. The tacacs server doesn't allow IP of the outside subnet (it's public). the server only allows IP addresses from the Inside segment 

 

tacacs.jpg

Is there a site to site vpn between ASA and the Tacacs? might you consider creating one as you request is the Tacacs server only allow the inside address. having a site to site tunnel will fix this issue.

please do not forget to rate.

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

example :

 

 aaa-server servergroup1 outside host x.x.x.x

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers