This issue is due to presence of Cisco bug ID CSCsd46369.
In this issue the packets sent by the router or switch contain the wrong IP source address, even though the configuraiton identifies a specific interface to be used as the IP source address. The TACACS+ server rejects some of the AAA requests since they arrive with an unknown IP source address.
This issue is typically observerd on a 3845 that runs Cisco IOS Software Release 12.4(5) (c3845-adventerprisek9_sna-mz.124-5.bin).
The configuration included the line:
ip tacacs source-interface Loopback0
The workaround for this issue is to configure entries for each IP address in use at each NAS on TACACS+ server.
In order to completely resolve this issue, upgrade the router to any of these software releases:
Hi,we use EAP-TLS for machine and user auth. When certificates are installed, everything is fine. I am testing the scenario when the e.g. User certificate is not present. Anyconnect shows the warning that there is no certificate (dot1x fails) but network ...
Hello TogetherPlease i will open for LAN "Inside" the SSH Port. try with this commands but no postive result appair "Connection redused"i know iam on the right way, please and thanks for any Update:asa(config)# crypto key generate rsa general-keys modulus...
Hi all !I'm capturing Audit logs from FMC using tcpdump, but unfortunately I do not see any access policy changes in the logs : \I do get other logs like saving the configs etc, but when I edit the policy and add/remove/edit a rule , I get nothing on the ...
I am about to uprade two FTD 4110 FXOS. The first upgrade has been succeced on the Secondary and then I tried do run the same steps on the primery FTD. I has been runing upgrade in more than 2 hours on the primery FTD now and I am soure that some thing is...
Hello Community I'm following the doc https://www.cisco.com/c/dam/en/us/td/docs/security/content_security/virtual_appliances/Cisco_Content_Security_Virtual_Appliance_Install_Guide.pdf we have 3 interfaces for the virtual appliance. During c...