Unable to get AAA to work over a DSL connection

Aug 1st, 2007

We have several routers in the field that have DSL and use a VPN tunnel to get back to resources on the corporate network. I am trying to set up AAA on these routers to authenticate through our ACS server here, but I have been running into problems getting it to work.

As of now, we have router access via telnet into the outside IP address on the router. I have attempted to set up AAA with the outside address on the ACS server using TACACS+ and it still will not authenticate through the server, but I can still log in with the local username.

Any help to get this resolved would be appreciated.

rochopra Wed, 08/01/2007 - 14:55


Run the following debugs and check where the request is going:

debug aaa authentication

debug tacacs

Check the failed attempts in ACS to see if you are getting any hits on ACS.

Try the following command to specify the interface to which ACS is connected:

ip tacacs source-interface <interface>


erik.doss Wed, 08/01/2007 - 15:29

I just looked at our PIX and those packets are being denied to the TACACS server, so it looks like I have some work to do on that ACL to let those packets in.
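
A sketch of the router-side configuration this thread is working toward, added here as an example and not posted by either participant. The addresses, interface name, shared secret and ACL name are constructed placeholders, and the choice of the inside LAN interface as the source is an assumption.

```cisco
! Constructed example: all addresses, names and the key are placeholders.
aaa new-model
!
! Try TACACS+ first. The "local" method is used only when no server
! answers, so a blocked TCP/49 path still lets the local username in.
aaa authentication login default group tacacs+ local
!
tacacs-server host 192.0.2.10 key <shared-secret>
!
! Source the requests from the interface whose address is defined as
! the AAA client in ACS (assumed here: the inside LAN interface).
ip tacacs source-interface FastEthernet0/0
!
! On the PIX in front of ACS, the ACL has to permit TACACS+ (TCP/49)
! from that source address to the ACS server, for example:
! access-list <acl-name> permit tcp host 198.51.100.1 host 192.0.2.10 eq 49
```

With `debug tacacs` and `debug aaa authentication` running, a login attempt then shows whether the request reaches the server or times out before the local method is tried.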

