Problem while configuring AAA on PIX ver 6.3 using CS ACS 4.1 Appliance

sahmedshahcsd · ‎01-05-2008

Hello,

I am having problem while configuring AAA on PIX running IOS Ver.6.3 for administrative access through Telnet.

I enabled AAA commands for telnet on PIX and associated to ACS 4.1 Appliance and tested authentication using both RADIUS and TACACS+ it didnt worked.

I followed the documentation but no authentications either passed or failed are reported on ACS also failing in authencticating local user from local database on PIX

Any suggestions will be appreciated

Thanks in advance

Regards,

Ahmed

Richard Burts · ‎01-05-2008

Ahmed

If I am understanding correctly that after you configured that you tested and there is no indication in either the successful authentication or in the failed attempts reports then my best guess is that the authentication request never gets to to the ACS.

The first thing that I would want to test would be to verify IP connectivity between the PIX and the ACS server. Can the PIX ping the ACS server? If you have configured the PIX to respond to ping, can the ACS server ping the PIX?

A second question would be whether there is any device along the path between the PIX and the ACS server that might not allow the packet through (is there any access list on any router in the path)?

It would also be helpful if you would post the configuration from the PIX.

HTH

Rick

HTH

Rick