I have an issue with an IOX TACACS+ client in the public domain, pointing to ACS on the internal network; both ACS are NATed by the firewall.
Please refer to the attached diagram.
When a user logs in to the IOX device, the login is successful but the user is not assigned any usergroup. So where the user is supposed to get, let's say, usergroup root-system, it is not assigned any usergroup at all. So the user cannot even show run (show run does not show any config).
This problem does not appear on the internal IOX device, where it does not go through the firewall. It only affects the IOX client in front of the firewall pointing to the ACS public NATted IP.
What can go wrong here? Does the firewall need to open any additional application ports? So far tcp/49 is allowed from public.
Regards