Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
598
Views
0
Helpful
0
Replies

TACACS from Secondary ASA through VPN IPSec tunnel

Dranik
Level 1
Level 1

‎08-28-2020 10:50 AM

Hello,

I have pair of ASAs in Active/Standby HA mode. ASAs have VPN tunnel going out to the data center where ISE (TACACS) servers are. I can use TACACS for the Active unit, but it seems like Standby unit can't get to ISE at all, it just times out. Since all VPN tunnels are built on Active unit, Standby unit tries to route outgoing traffic to it's own Outside interface which goes nowhere and it never makes it to Active unit to send traffic over the VPN tunnel. 

The issue is only for outgoing connection from the Secondary unit. Incoming connections (such as SSH, HTTP) work, I added appropriate NAT statement for that.

 

Any ideas how to make it work please? 

Thanks,    

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents