In the https://supportforums.cisco.com/message/3953175#3953175 thread, I was able to get ACS 5.2 to work with SRX for both SSH CLI and J-Web TACACS+ accounts. However, I found the behavior is different in our production environment. I found our ACS 5.2 ...
I am trying to get TACACS+ to work on SRX 11.4R7.5. However, during my packet capture on the SRX, I found the SRX sent an authorization request with service=junos-exec but ACS returns no value. That causes the SRX to use "remote" as the local-user-name and ta...
Marc-Andre, brilliant idea, using the route recursive lookup. Inspired by your idea, I came up with an easier configuration for this, since I need to find a solution for a similar scenario. For the scenario that a single ASA (or Active-Standby HA cluster) h...
For the scenario that a single ASA (or Active-Standby HA cluster) has two ISP uplinks, one as primary and the other as backup. We want to ensure the SLA checks more than the directly connected GW. So we can just use one remote "TestTargetIP" (in my case...
Simon, your configuration looks fine and your show cli authorization is showing the correct "local-user-name" replied from ACS. So the only thing I can think of could be a software bug, since you are running old 9.6R1.13. I will suggest you try to upgrad...
I uploaded the text file I created and shared it with anyone. This is my first time on this forum; hopefully I did it right. Please check if you can see the document "How to configure ACS 5.2 for SRX TACACS+ Authentication and RBAC.rtf".
After I did my lab test again from scratch, I believe I understand the whole process now and I can point out all the problems that other people are having when enabling TACACS+ accounts with Cisco ACS 5.2 servers. Case 1: If your ACS was not configured to res...