ACS 4 configuration issue

Unanswered Question
Apr 25th, 2007

I had set up Cisco ACS for TACACS authentication for Cisco Aironet and Cisco ASA. Unfortunately the server crashed and I did not have a backup. But I had the secret key and other server information. I re-installed the Cisco ACS and could successfully authenticate to Cisco Aironet, but Cisco ASA is giving me access denied when trying through SSH by giving username and password.

Under ACS I created a username and password, and the remaining I left for the group setting. Under the group setting I enabled shell (exec) and privilege level 15. I made the maximum privilege level for AAA clients 15 and tried enabling and disabling the command level authorization and checked allow unmatched argument, but I am still getting the same error. The Cisco site is also referring to the same. Is there any option I am missing out? Request assistance since I am not able to connect to the ASA.


Thanks in Advance

royalblues Wed, 04/25/2007 - 08:37

Didn't you have a secondary authentication mechanism enabled on the ASA if the TACACS+ fails?


Narayan

kjanakiraman Wed, 04/25/2007 - 17:42

No, I do not have. I was setting up the environment when the server crashed and hence no backup. I am sure that once I get the TACACS configured, things should be fine since using the same TACACS I was able to connect back to Cisco Aironet.

Vivek Santuka Thu, 04/26/2007 - 07:43
User Badges:
  • Cisco Employee,

Hi,


Please check the failed attempts log in ACS and let us know what the authen-error-code is.


Regards,

Vivek

kjanakiraman Thu, 04/26/2007 - 18:11

In the failed attempts I am getting "un-known". When I am trying to initiate a telnet connection, in the console of the PIX I could see "aaa server host machine not responding". I believe there is some setting in the ACS which I am missing out.

Vivek Santuka Fri, 04/27/2007 - 04:21
User Badges:
  • Cisco Employee,

Hi,


I believe you are getting the Unknown NAS error. Please add the device in the network configuration as an AAA client. Make sure you are using the right protocol (TACACS/RADIUS) and the right key as per the device config.


Regards,

Vivek

kjanakiraman Fri, 04/27/2007 - 06:14

I have the configuration in the network configuration option. What else could be the reason?
