ACS5.1 - IOX AAA ( behind Firewall)

I have an issue with an IOX TACACS+ client in the public domain pointing to ACS on the internal network; both ACS are NATed by the firewall.

Please refer to attached diagram.

When a user logs into the IOX device, the login is successful but the user is not assigned any usergroup. So where the user is supposed to get, let's say, usergroup root-system, it is not assigned any usergroup at all, and the user cannot even show run (show run does not show any config).

This problem does not appear on the internal IOX device, which does not go through the firewall. It only affects the IOX client in front of the firewall pointing to the ACS public NATted IP.

What can be going wrong here? Does the firewall need to open an additional application port? So far tcp/49 is allowed from public.

Regards
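One way to narrow down the two possibilities (ACS never sends the group, or the client behind the firewall never receives it) is to compare the authorization attribute-value pairs each router actually receives. The script below is an added example, not code from the thread or from Cisco: it parses TACACS+ AV pairs using the RFC 8907 rule that `=` marks a mandatory and `*` an optional attribute, extracts the task groups from the IOS XR `task` attribute (assumed format `rwx:task1,task2,#group`, where `#` prefixes a task group), and reports which attributes the failing client is missing. The two sample replies are constructed for illustration.

```python
def parse_av_pair(pair: str):
    """Split one TACACS+ AV pair into (name, value, mandatory).
    RFC 8907: '=' separates a mandatory attribute, '*' an optional one;
    the first separator found wins."""
    for i, ch in enumerate(pair):
        if ch in "=*":
            return pair[:i], pair[i + 1:], ch == "="
    raise ValueError(f"not an AV pair: {pair!r}")


def parse_reply(av_pairs):
    """Map attribute name -> (value, mandatory) for an authorization reply."""
    return {name: (value, mandatory)
            for name, value, mandatory in map(parse_av_pair, av_pairs)}


def xr_task_groups(av_pairs):
    """Task groups an IOS XR client would apply from the 'task' attribute.
    Assumed value format: 'rwx:task1,task2,#group' ('#' = task group);
    a value with no 'rwx:' prefix is handled too."""
    attrs = parse_reply(av_pairs)
    if "task" not in attrs:
        return []
    items = attrs["task"][0].split(":", 1)[-1]
    return [item[1:] for item in items.split(",") if item.startswith("#")]


def missing_attributes(working, failing):
    """Attribute names seen by the working client but absent for the failing one."""
    return sorted(set(parse_reply(working)) - set(parse_reply(failing)))


# Constructed sample replies: what the internal (working) router receives
# versus what the router behind the firewall receives.
INTERNAL_REPLY = ["priv-lvl=15", "task=rwx:cdp,#root-system"]
EXTERNAL_REPLY = ["priv-lvl=15"]

if __name__ == "__main__":
    print("internal groups:", xr_task_groups(INTERNAL_REPLY))   # ['root-system']
    print("external groups:", xr_task_groups(EXTERNAL_REPLY))   # []
    print("missing on external:", missing_attributes(INTERNAL_REPLY, EXTERNAL_REPLY))
```

If the ACS authorization log shows the `task` attribute being sent but the external router's `debug tacacs` output never shows it, the drop is between ACS and the client; if ACS itself never sends it, the problem is the ACS authorization profile or the identity of the NATted client.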

Cisco Employee


It's a good idea to check in the ACS logs whether the group assignment is done on the ACS side.

It's either ACS not assigning it for some reason, or the remote IOX clients not receiving the correct info because of the firewall.