We have a PIX 535 running Version 6.3(4). We have a TACACS server running on Linux.
The configuration that we have done for authenticating through PIX is as below:
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server TACACS+ (inside) host 172.17.96.198 cisco timeout 5
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authentication telnet console TACACS+ LOCAL
aaa authentication enable console TACACS+
When we telnet to the PIX, the username and password are first taken from the TACACS server. But the enable password is not being taken.
And after removing aaa authentication enable console TACACS+, we can log in using the enable password configured locally on the PIX.
But we want total control through TACACS.
Is there any way around this?
Thanks in advance.