Don't work telnet after enabling AAA on FWSM

msamoilov · ‎10-08-2011

After enabling AAA FWSM lost opportunity telnet session. FWSM version 3.2(5). In the logs show that resets itself FWSM telnet session.

Conf.

aaa-server TACACS+ (management) host 192.2.151.111

key

aaa authentication ssh console TACACS+ LOCAL

aaa authentication enable console TACACS+ LOCAL

aaa authentication telnet console TACACS+ LOCAL

aaa authorization command TACACS+ LOCAL

aaa accounting telnet console TACACS+

aaa accounting command TACACS+

telnet 192.2.0.0 255.255.0.0 management

interface Vlan9

nameif management

security-level 100

ip address 192.2.252.84 255.255.255.0 standby 192.2.252.89

management-only

Jennifer Halim · ‎10-08-2011

Is your TACACS server connected to the management interface and you have route for 192.2.151.111 via the management interface?

msamoilov · ‎10-09-2011

yes

msamoilov · ‎10-10-2011

Logs

Oct 07 2011 11:31:28: %FWSM-6-302013: Built inbound TCP connection 0 for management:192.2.23.82/2122 (192.2.23.82/2122) to management:192.2.252.84/23 (192.2.252.84/23)

Oct 07 2011 11:31:28: %FWSM-6-302014: Teardown TCP connection 0 for management:192.2.23.82/2122 to management:192.2.252.84/23 duration 0:00:00 bytes 124 TCP Reset-I

Oct 07 2011 11:31:32: %FWSM-6-302013: Built outbound TCP connection 0 for management:192.2.252.84/1048 (192.2.252.84/1048) to management:192.2.215.111/49 (192.2.215.111/49)

Oct 07 2011 11:31:32: %FWSM-6-302014: Teardown TCP connection 0 for management:192.2.252.84/1048 to management:192.2.215.111/49 duration 0:00:00 bytes 638 TCP FINs

sometimes in logs

Oct 07 2011 11:58:16: %FWSM-6-106015: Deny TCP (no connection) from 192.2.151.112/1884 to 192.2.252.84/23 flags RST on interface management

Oct 07 2011 11:58:18: %FWSM-6-106015: Deny TCP (no connection) from 192.2.151.112/1884 to 192.2.252.84/23 flags RST on interface management

Maybe on the management interface must be configured mask 255.255.0.0?