Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1274
Views
0
Helpful
0
Comments

TACACS+ authentication for IPSec does not work on routers running Cisco IOS version 12.3

TCC_2
Level 10
Level 10

on ‎06-22-2009 05:04 PM

Core issue

This issue occurs due to the presence of the Cisco bug ID CSCec59692.

Routers that terminate VPN client connections on Cisco IOS  12.3 code fail to authenticate users through TACACS+. The authentication of other users, such as dial-in users, functions fine to TACACS+. When requests leave the router to the TACACS+ server, the authentication does not fail.

This problem occurs in Cisco IOS 12.3 mainline and 12.3T-based codes. The current suspicion is that prior code is not affected. This issue is not observed on non-VPN traffic.

Refer to all affected versions for a list of other Cisco IOS versions that hit this bug.

Resolution

As a workaround, either use local authentication, or download and upgrade the Cisco IOS version to one of these versions:

  • 12.4(2.10)

  • 12.4(2.10)T
Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents