ACS5.1 - IOX AAA ( behind Firewall)

tckoon
Level 1

I have an issue with an IOX TACACS+ client in the public domain, pointing to an ACS on the internal network; both ACS are NATed by the firewall.

Please refer to attached diagram.

When the user logs into the IOX device, the login is successful but the user is not assigned to any usergroup. So a user who is supposed to get, let's say, usergroup root-system is not assigned to any usergroup at all, and cannot even do show run (show run does not show any config).

This problem does not appear on the internal IOX device, which does not go through the firewall. Only the IOX client in front of the firewall, pointing to the ACS public NATed IP, is affected.

What could be going wrong here? Does the firewall need to open additional application ports? So far TCP/49 is allowed from the public side.

Regards

1 Reply

Nicolas Darchis
Cisco Employee

It's a good idea to check in the ACS logs whether the group assignment is done on the ACS side.

It's either ACS not assigning it for some reason, or the remote IOX clients not receiving the correct info because of the firewall.
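The check suggested in the reply has a device-side counterpart. TACACS+ authorization replies travel on the same TCP/49 session as authentication, so a capture taken on the outside of the firewall shows exactly which attribute-value pairs reached the external IOX device, and comparing that with the ACS logs separates "ACS did not send it" from "it was lost in transit". The decoder below is an added example, not code from this thread or from Cisco: it implements the RFC 8907 body obfuscation (MD5 pseudo-pad XOR) and the authorization REPLY layout, builds a constructed reply with a made-up shared key so it runs offline, and lists the returned attributes. The `task=` attribute prefix used for the group check is an assumption about what the NAS expects, not something the thread states; verify it against the platform's AAA documentation.

```python
"""Decode a TACACS+ (RFC 8907) authorization REPLY and list the attribute-value
pairs the server returned. The packet built in __main__ is constructed here with
a made-up key; to inspect a real reply, feed in the TCP/49 payload bytes from a
capture together with the shared key configured on the device."""
import hashlib
import struct

TAC_PLUS_AUTHOR = 0x02            # packet type: authorization
TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # body sent in the clear (should never be set in production)
VERSION_DEFAULT = 0xC0            # major version 0xC, minor version 0
AUTHOR_STATUS = {0x01: "PASS_ADD", 0x02: "PASS_REPL", 0x10: "FAIL",
                 0x11: "ERROR", 0x21: "FOLLOW"}


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 chain from RFC 8907 section 4.5: MD5_1 = MD5(sid|key|ver|seq),
    MD5_n = MD5(sid|key|ver|seq|MD5_{n-1}); concatenated and truncated to length."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the pseudo-pad; the same call reverses it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_author_reply_body(status, args, server_msg=b"", data=b""):
    """Serialize an authorization REPLY body (RFC 8907 section 6.2)."""
    encoded = [a.encode("ascii") for a in args]
    body = struct.pack("!BBHH", status, len(encoded), len(server_msg), len(data))
    body += bytes(len(a) for a in encoded)          # one length byte per arg
    return body + server_msg + data + b"".join(encoded)


def build_packet(body, session_id, key, seq_no, version=VERSION_DEFAULT):
    """Prepend the 12-byte header and obfuscate the body with the shared key."""
    header = struct.pack("!BBBBII", version, TAC_PLUS_AUTHOR, seq_no, 0,
                         session_id, len(body))
    return header + obfuscate(body, session_id, key, version, seq_no)


def parse_author_reply(packet, key):
    """Strip the header, de-obfuscate with the shared key, parse the REPLY body."""
    if len(packet) < 12:
        raise ValueError("short packet")
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    if ptype != TAC_PLUS_AUTHOR:
        raise ValueError("not an authorization packet: type 0x%02x" % ptype)
    body = packet[12:12 + length]
    if len(body) != length:
        raise ValueError("truncated body")
    if not flags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = obfuscate(body, session_id, key, version, seq_no)
    if len(body) < 6:
        raise ValueError("body too short for a REPLY")
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    off = 6
    arg_lens = list(body[off:off + arg_cnt]); off += arg_cnt
    server_msg = body[off:off + msg_len]; off += msg_len
    off += data_len                                   # opaque data field, skipped
    args = []
    for n in arg_lens:
        args.append(body[off:off + n].decode("ascii", "replace")); off += n
    if off != len(body):
        # A wrong shared key yields a garbage body that almost never parses cleanly.
        raise ValueError("length mismatch: wrong key or corrupted body")
    return {"session_id": session_id, "seq_no": seq_no,
            "status": AUTHOR_STATUS.get(status, "0x%02x" % status),
            "server_msg": server_msg.decode("ascii", "replace"), "args": args}


def group_attributes(reply, prefix="task="):
    """AV pairs that would carry the group assignment. The 'task=' prefix is an
    assumption about the attribute the NAS expects; confirm it against the
    platform's AAA documentation and against what the ACS logs say was sent."""
    return [a for a in reply["args"] if a.startswith(prefix)]


if __name__ == "__main__":
    KEY = b"constructed-shared-key"   # constructed for the example, not a real key
    SID = 0x1234ABCD                  # constructed session id; seq 2 = reply to seq 1
    good = build_packet(build_author_reply_body(0x01, ["task=#root-system"]), SID, KEY, 2)
    bare = build_packet(build_author_reply_body(0x01, ["priv-lvl=15"]), SID, KEY, 2)
    for name, pkt in (("with group", good), ("without group", bare)):
        reply = parse_author_reply(pkt, KEY)
        print(name, reply["status"], reply["args"], "group attrs:", group_attributes(reply))
```

The second constructed packet reproduces the symptom in the question: authorization status is PASS_ADD, so the login succeeds, but no group attribute is present. If a capture on the external device shows that shape while the ACS log shows the attribute being sent, the loss is between them; if the ACS log does not show it either, the ACS policy is the place to look.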
