ASA 'failover exec' issue with TACACS
06-09-2017 07:00 AM
Hi,
I have a setup with 2 ASAs in failover (active/standby). We want to use the failover exec command. We have a Cisco ISE acting as a TACACS server. Within ISE we control which IP the connection comes from.
When doing the failover exec command, the standby unit shows that the command was initiated from the IP 0.0.0.0. We do not feel good about putting that IP in our ruleset.
Is there a workaround?
Thanks

06-12-2017 05:23 AM
The workaround is:
- create a user account "enable_1" on TACACS+ server with any random password;
- grant "privilege = 15" and full access on all commands to this user.
