06-12-2007 08:44 AM - edited 03-10-2019 03:12 PM
Hi,
Please help me configure TACACS on the PIX 515E firewall.
06-12-2007 08:48 AM
Hi,
Are you looking for commands? If that is the case, then here they are:
PIX (code 6.3.4)
username Test password cisco
username Test privilege 15
aaa-server TACACS protocol tacacs+
aaa-server TACACS (outside) host 10.130.102.191 cisco timeout 10
aaa authentication http console TACACS LOCAL
aaa authentication ssh console TACACS LOCAL
aaa authentication telnet console TACACS LOCAL
aaa authentication enable console TACACS LOCAL
Hope that helps!
Regards,
Jagdeep
Note: If that answers your question, then please mark this thread as resolved, so that others can benefit from it.
06-18-2007 09:21 PM
Hello. If I wanted to configure the PIX for authentication from an ACS server, what else would I need apart from the following:
aaa-server Admin-FW protocol tacacs+
aaa-server Admin-FW max-failed-attempts 3
aaa-server Admin-FW deadtime 10
!
aaa-server Admin-FW (inside) host 192.168.2.9 access timeout 10
!
aaa authentication serial console Admin-FW
aaa authentication telnet console Admin-FW
aaa authentication ssh console Admin-FW
AFAIK, I have not specified which IP addresses someone can telnet from to log onto the PIX. I have tried the following, but I'm sure I haven't provided the correct statements:
aaa authentication include telnet inside 192.168.0.0 255.255.0.0 Admin-FW
... and I get a Username / Password prompt on the PIX but it keeps asking for a username and password. I know my TACACS account is fine since I can log onto routers with the same details as what I am using to authenticate to the PIX.
I also ran a debug on the PIX when I was trying to authenticate. The output is attached.
The PIX is a 515E 6.3(5).
Thanks,
Timothy
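Added example, not part of either post and not Cisco tooling: a small Python check that reads the AAA lines from the two configurations above and lists the differences a reviewer would look at (LOCAL fallback, server interface, shared key, and `include` rules mixed in with `console` rules). The finding names and the placeholder-key list are assumptions made for this sketch.

```python
import re

# AAA lines copied from the two posts in this thread (trimmed to the lines checked).
POST_1 = """aaa-server TACACS protocol tacacs+
aaa-server TACACS (outside) host 10.130.102.191 cisco timeout 10
aaa authentication http console TACACS LOCAL
aaa authentication ssh console TACACS LOCAL
aaa authentication telnet console TACACS LOCAL
aaa authentication enable console TACACS LOCAL"""
POST_2 = """aaa-server Admin-FW protocol tacacs+
aaa-server Admin-FW (inside) host 192.168.2.9 access timeout 10
aaa authentication serial console Admin-FW
aaa authentication telnet console Admin-FW
aaa authentication ssh console Admin-FW
aaa authentication include telnet inside 192.168.0.0 255.255.0.0 Admin-FW"""

PROTO = re.compile(r"aaa-server (\S+) protocol \S+$")
HOST = re.compile(r"aaa-server (\S+) \((\S+)\) host \S+(?: (?!timeout\b)(\S+))?")
CONSOLE = re.compile(r"aaa authentication (\S+) console (\S+)( LOCAL)?$")
INCLUDE = re.compile(r"aaa authentication (?:include|exclude) (\S+)")
PLACEHOLDER_KEYS = {"cisco", "tacacs", "password"}  # assumed list, extend locally

def audit(config):
    """Return sorted (subject, finding) pairs for a PIX 6.3-style AAA config."""
    lines = [l.strip() for l in config.splitlines()]
    groups = {m[1] for l in lines if (m := PROTO.match(l))}
    hosts = {m[1] for l in lines if (m := HOST.match(l))}
    findings = set()
    for l in lines:
        if m := HOST.match(l):
            if m[2] == "outside":
                findings.add((m[1], "server-reached-via-outside"))
            if m[3] is None or m[3].lower() in PLACEHOLDER_KEYS:
                findings.add((m[1], "missing-or-placeholder-key"))
        elif (m := CONSOLE.match(l)) and m[2] != "LOCAL":
            if m[2] not in groups or m[2] not in hosts:
                findings.add((m[1], "undefined-server-group"))
            if not m[3]:
                findings.add((m[1], "no-LOCAL-fallback"))
        elif m := INCLUDE.match(l):
            # include/exclude rules cover sessions passing through the
            # firewall, not logins to the firewall itself
            findings.add((m[1], "through-traffic-rule-not-console"))
    return sorted(findings)

if __name__ == "__main__":
    for name, cfg in (("post 1", POST_1), ("post 2", POST_2)):
        print(name, audit(cfg))
```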