I'm currently running version 17.18.1 and I've put in all the commands that the Cisco 17.18.x configuration guide tells me. When I run a test with TACACS the debug log shows that I made a successful TLS connection with my Cisco ISE server and my ISE...
So I found out the solution or rather where I was messing up. It turns out that you can't use the aaa test command in legacy lol. It will build the TLS just fine but try to do the authenticating using the legacy port of 49. Once I tried to actuall...
Either way the TLS connection establishes so that's not an issue. It is getting the aaa tacacs server to use the TLS connection (port 6049 in my case) for authentication.
I tried using the key as well and observed the same thing. When I don't have the key in once the TLS is established and the error for invalid key comes up it never tries the authentication message. See below.
*Feb 26 14:34:34.219: TACSEC_GET_DATA_BY_S...
Thank you for the reply. I do have a socket established, but as you can see it times out due to no response from the ISE. This is my tacacs server status.
Tacacs+ Server - public :
Tacacs+ Server - public :
Server name: TACACS
Server address: 172.16.x.x...
Not sure if you have already found the answer to your question, but the minimum version for the TLS commands to appear under the server tacacs portion of the config is 17.18.x.