configuring tacacs+ in pix515e

udayashankarsg · ‎06-12-2007

Hi,

Please help me to configure the tacacs in PIX 515E firewall.

Jagdeep Gambhir · ‎06-12-2007

Hi,

Are you looking for commands ? If that is the case then here it is,

PIX ( CODE 6.3.4 )

username Test password cisco

username Test privilege 15

aaa-server TACACS protocol tacacs+

aaa-server TACACS (outside) host 10.130.102.191 cisco timeout 10

aaa authentication http console TACACS LOCAL

aaa authentication ssh console TACACS LOCAL

aaa authentication telnet console TACACS LOCAL

aaa authentication enable console TACACS LOCAL

Hope that helps !

Regards,

Jagdeep

Note: If that answers your question, then please mark this thread as resolved, so that others can benefit from it.

tbogie_gvds · ‎06-18-2007

Hello. If I wanted to configure the PIX for authentication from an ACS server, what else would I need apart from the following:

aaa-server Admin-FW protocol tacacs+

aaa-server Admin-FW max-failed-attempts 3

aaa-server Admin-FW deadtime 10

!

aaa-server Admin-FW (inside) host 192.168.2.9 access timeout 10

!

aaa authentication serial console Admin-FW

aaa authentication telnet console Admin-FW

aaa authentication ssh console Admin-FW

AFAIK, I have not specified what IP addresses that someone can telnet from to log onto the PIX. I have tried the following, but I'm sure I haven't provided the correct statements:

aaa authentication include telnet inside 192.168.0.0 255.255.0.0 Admin-FW

... and I get a Username / Password prompt on the PIX but it keeps asking for a username and password. I know my TACACS account is fine since I can log onto routers with the same details as what I am using to authenticate to the PIX.

I also ran a debug on the PIX when I was trying to authenticate. The output is attached.

The PIX is a 515E 6.3(5).

Thanks,

Timothy