This issue occurs due to the presence of Cisco bug ID CSCsd46369.
The TACACS+ packets sent by the router or switch to the TACACS+ server contain the wrong IP source address. This occurs even though the configuration identifies a specific interface to be used as the IP source address. The TACACS+ server rejects some of the Authentication, Authorization, and Accounting (AAA) requests because they arrive with an unknown IP source address.
This issue is observed on a Cisco 3845 router running Cisco IOS Software 12.4(5) (c3845-adventerprisek9_sna-mz.124-5.bin). Refer to All Affected Versions for other Cisco IOS versions affected by this bug.
As a workaround, perform one of these steps:
Configure entries for each IP address in use at each Network Attached Storage (NAS) on the TACACS+ server.
Downloadand upgrade the Cisco IOS to any of these versions:
If you are just starting with Threat Response for the first time, use our quick start guides for Umbrella, Email Security, or Firepower. You can also check out our module configuration videos on YouTube and the in-product configuration details.
If you own AMP for Endpoints, you can manage users within the AMP dashboard. If you have other Cisco products, you can manage users at https://castle.amp.cisco.com/my/users.
Learn more about Threat Response here, or check out other FAQs here.
Threat Response is free with selected Cisco Security products. To get access, simply go to the login page for your region - NA, EU, or APJC* - and either log in or click to create an account. You can also watch this 1 min video on creating...