tacacs+ authentication problem

Colin Higgins
Level 2

I have an ASA services module running in a 6500.

I have configured a firewalled VLAN for management (172.25.50.x) and applied a permissive access list inbound and outbound to it.

I added the ASA as a client on the Cisco ACS (TACACS+) server and double-checked the key.

The ACS server can ping the firewall, and the firewall can ping the ACS server.

I've issued the following commands on the ASA:

aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server TACACS+ (mgmt) host 172.25.32.80 <key> timeout 5
aaa authentication ssh console TACACS+
username <user> password <password> priv 15

When I SSH to the ASA, the firewall is not using TACACS+. It is using the local database instead.

There is no activity in the ACS logs.

So the firewall isn't even attempting to use TACACS+.

Is there something I am missing here?

Accepted Solution

Julio Carvajal
VIP Alumni

Hello Colin,

Can you share:

show run ssh
show run aaa
show run aaa-server
test aaa-server TACACS+
172.25.32.80
username whatever
password whatever

and provide the outputs.

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

For any question, contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

When I did the test aaa-server it worked, and I realized I forgot to add

aaa authentication enable console TACACS+

to the ASA. This made everything work correctly. Thanks for your help!
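The thread's root cause is a partial AAA configuration: SSH login was pointed at the TACACS+ group, but `enable` was not, so privilege escalation silently fell back to the local enable password. The script below is an added example (not from the thread, and not a Cisco tool) that parses an ASA `aaa-server` / `aaa authentication ... console` fragment and flags exactly that gap, along with two related ones a reviewer would check: an authentication line that references an undefined or host-less server group, and a group list with no `LOCAL` fallback (the fallback recommendation is this example's own caveat, not something the thread states). The two config strings are constructed samples based on the commands posted above, with the original poster's placeholders left in place.

```python
import re
from collections import defaultdict

# Constructed sample: the poster's fragment as typed on the ASA (key and user redacted as in the post).
ORIGINAL_CONFIG = """\
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server TACACS+ (mgmt) host 172.25.32.80 <key> timeout 5
aaa authentication ssh console TACACS+
username <user> password <password> priv 15
"""

# Constructed sample: the same fragment after the fix from the thread, with LOCAL fallback added
# (the fallback is this example's recommendation, not part of the thread).
FIXED_CONFIG = ORIGINAL_CONFIG.replace(
    "aaa authentication ssh console TACACS+",
    "aaa authentication ssh console TACACS+ LOCAL\n"
    "aaa authentication enable console TACACS+ LOCAL",
)

# ASA syntax as shown in the thread: group definition, per-interface host, and console authentication.
GROUP_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)$")
HOST_RE = re.compile(r"^aaa-server (\S+) \((\S+)\) host (\S+)")
AUTH_RE = re.compile(r"^aaa authentication (\S+) console (.+)$")


def parse_aaa(config):
    """Return (groups, hosts, auth) extracted from an ASA running-config fragment."""
    groups = {}                 # group name -> protocol
    hosts = defaultdict(list)   # group name -> [(interface, server ip)]
    auth = {}                   # service (ssh, enable, http, serial, telnet) -> [methods in order]
    for line in config.splitlines():
        line = line.strip()
        if m := GROUP_RE.match(line):
            groups[m.group(1)] = m.group(2)
        elif m := HOST_RE.match(line):
            hosts[m.group(1)].append((m.group(2), m.group(3)))
        elif m := AUTH_RE.match(line):
            auth[m.group(1)] = m.group(2).split()
    return groups, hosts, auth


def audit_aaa(config):
    """Return a list of human-readable findings; an empty list means no issue detected."""
    groups, hosts, auth = parse_aaa(config)
    findings = []
    for service, methods in auth.items():
        for method in methods:
            if method == "LOCAL":
                continue
            if method not in groups:
                findings.append(f"{service}: method {method} is not a defined aaa-server group")
            elif not hosts[method]:
                findings.append(f"{service}: group {method} has no host configured")
        if "LOCAL" not in methods:
            findings.append(f"{service}: no LOCAL fallback; lockout if {methods[0]} is unreachable")
    # The thread's actual bug: SSH login goes to AAA, but 'enable' is left on the local enable password.
    if "ssh" in auth and "enable" not in auth:
        findings.append("enable: ssh console uses AAA but enable does not; "
                        "'enable' falls back to the local enable password")
    return findings


if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL_CONFIG), ("fixed", FIXED_CONFIG)):
        print(f"== {name} ==")
        for finding in audit_aaa(cfg) or ["no findings"]:
            print("  " + finding)
```

Run it against the output of `show run aaa` and `show run aaa-server` pasted into a file; the `enable` finding is the one that corresponds to the missing line in this thread, and it clears once `aaa authentication enable console` points at the same group.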

Hello Colin,

So it was a problem with the enable password and not with the SSH authentication.

Glad to know it's up and running now.

Cheers,

Julio Carvajal Segura
