I am not able to Upload any Local Policys on PIX 6.3

Unanswered Question
Feb 18th, 2008

Hi Pls help me out for CSM Policy Deployement ...

1) My PIX 6.3 is having AAA Tacacs configuration , when I am using user:csm configured on ACS (Tacacs ) with SSH/Telent I am able to Login and do all editing in config.

2) But when I am using same user:csm through CSM 3.1 to deploy any Policy it gives me below error given . I have check with ACS policy no issue becuase through SSH /Telnet I am able to do all changes using same user:csm

pls suggest on same

COMMENT: BULK START

! COMMENT: Bulk request written; reading response...

! COMMENT: URL: https://172.16.10.3/config

Line# 2. (ERROR) Sent (Mon Feb 18 13:18:21 GMT+05:30 2008): access-list intdmz line 70 permit tcp host

172.16.2.141 host 172.16.8.1

Received (Mon Feb 18 13:18:21 GMT+05:30 2008): Command authorization failed

! COMMENT: Device reported error here and stopped accepting further commands

! COMMENT: BULK END

Note : I am attaching all configuration for ur reference

Attachment: 
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ivillegas Fri, 02/22/2008 - 07:37

Are you integrating ACS with CSM. If you are using ACS.4x version then, it has two secret keys. One is for NDG and another one is for individual devices. Of the two,NDG secret key gets higher preference. so please check if NDG secret key is

identical with your CSM server secret key.

sachin.sg Wed, 02/27/2008 - 09:01

Thanks for replying

I have not integrated CSM 3.1 with ACS 4.1 .I am only using acs valid user i.e csm in CSM3.1 cerdentials .

But when I am doing ssh using putty from Windows 2003 Server machine on which CSM 3.1 install , I am able to make changes , but when Depolying the policies through CSM 3.1 getting error " Command Authorization Failed"

I am able to depoly policies on Router , but failed to Deploy on PIX 6.3(5)

Pls help me out on same

Actions

This Discussion