cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

797
Views
0
Helpful
2
Replies
Beginner

Acs is not receving Tacacs requests from Juniper SSG140

Hello,

I have configured ACS 5.1 and using Tacacs. I have two juniper SSG140 FW's in different subnet. Tacacs authentication is working on one SSG140 FW, but not on the other one. Tacacs configuration on both FW's are exactly the same. Both FW's have been added in the ACS server with the same shared secret key same profile etc. I don't even see the authentication requests from the FW. ACS can ping both FW's and vice versa. But no joy. Your help will apprecaited.

set auth-server "TACACS" id 1

set auth-server "TACACS" server-name "11.X.1XX.X"

set auth-server "TACACS" account-type admin

set auth-server "TACACS" timeout 15

set auth-server "TACACS" type tacacs

set auth-server "TACACS" tacacs secret "asd234k234l23kSLDF2343423242348SFL=="

set auth-server "TACACS" tacacs port 49

Rgds

2 REPLIES 2
Beginner

Acs is not receving Tacacs requests from Juniper SSG140

Please capture  the traffic b/w sourse and destination ,and check weather TACACS packets are reaching to ACS server or not .If you have 2 ACS servers (Primary & Secondary ) .Try to configure one by one in SSG140 FW's and check .

Highlighted
Beginner

Acs is not receving Tacacs requests from Juniper SSG140

Hi,

    Thanks for your instructions, I found the issue, which was to replace the command on the SSG140 FW from "admin auth server local" to "admin auth server TACACS".

Thx