Unable to access VPN 3030 after IP change / Password Reset

Unanswered Question
Oct 2nd, 2007


I have lost admin access from the network SSH / Web interface does not work after performing a password reset. I can only access the device through the console and using the default admin account. The VPN concentrator authenticates correctly the users etc. but the TACACS+ authentication test in the Admin AAA servers fails even though the ACS TACACS+ server authenticates correctly the user and it is reachable. There is something I'm missing in the config but don't know what.

What do I need to enable for this to work again?

Any help is much appreciated.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
ajagadee Tue, 10/02/2007 - 08:36


Since the User Authentication server and Admin Authentication server are configured in two different places, capture the logs when the test from the admin page fails. Also, do you see the request on the TACACS+ Server from the VPN3000.

Are the users and admin using the same server. Also, check for IP Reachability from the VPN3000 to the TACACS+ server and the server TCP Port is not being blocked by a firewall.

I hope it helps.



** Please rate all helpful posts **

niesommer Tue, 10/02/2007 - 09:28


I will check the log again when it fails. The TACACS and RADIUS server is the same for admins and users. the FW has allow ip any any for this device. The TACACS server is pingable from the VPN3000 GW. The request is seen on the ACS server and shows up in the permitted log. but still fails on the VPN 3000.



This Discussion