Unable to Authenticate enable password in PIX from TACACS server

Unanswered Question
Jul 31st, 2007
User Badges:


We have PIX 535 with Version 6.3(4). We have TACACS server running on LINUX.

The configuration that we have done for authenticating through PIX is as below:

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server TACACS+ (inside) host cisco timeout 5

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

aaa authentication telnet console TACACS+ LOCAL

aaa authentication enable console TACACS+

When we are doing telnet to the pix first username and passwords are taken from TACACS server. But enable password is not taking.

And after removing aaa authentication enable console TACACS+ we can login using the enable password configured locally in the pix.

But we want total control through TACACS.

Is their any way around?

Thanks in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
rochopra Tue, 07/31/2007 - 03:02
User Badges:
  • Cisco Employee,


On tacacs server, go to user properties and configure TACACS enable authentication options to pick user pap password. This configuration is missing from TACACS server.


s.mazumdar Tue, 07/31/2007 - 03:29
User Badges:


Thanks for your response.

As I have said earlier we have TACACS running on LINUX. Also we don't have any GUI running.

let me know what can be done on this situation.


This Discussion