PIX6.3.5, ACS4.1, TACACS Administration EMPTY

Unanswered Question
Mar 7th, 2008


I have configured authentication and authorization on PIX6.3.5, I use Cisco ACS4.1, but I do not have executed commands in "TACACS administration" log.

Can you help me?



Jagdeep Gambhir Fri, 03/07/2008 - 06:15

Command accounting logs are stored in the TACACS administration logs. Also, there is a known issue on ver 4.1.1 and we need to apply an ACS patch to fix the issue.

Patch for appliance is available on


Patch name : ACS SE accumulative patch

Patch for acs windows is available on


Patch Name : ACS accumulative patch



Do rate helpful posts

pslavkovsky Fri, 03/07/2008 - 06:44

Thanks, I have patch applied.

It looks like it is a problem with the PIX configuration; I did not find a relevant accounting command for PIX 6.3.5.


Jagdeep Gambhir Fri, 03/07/2008 - 07:01


On PIX 6.x, aaa accounting for management traffic cannot be configured; only accounting for pass-through traffic is supported.

However, aaa accounting for management traffic as well as pass through traffic is supported on pix 7.x.



pemasirid Wed, 03/12/2008 - 06:50

Hi JG,

I configured AAA Authentication & authorization in firewall but it works only for local username/password. PIX version 7.2(2) and ACS-SE 4.1.

Following is my configuration

XXX-PIX515(config)# sh run aaa-server
aaa-server VPN protocol radius
 accounting-mode simultaneous
aaa-server VPN host
 key XXXX
aaa-server VPN host
 key XXXX
aaa-server my-group protocol tacacs+
aaa-server my-group host
 key XXX
aaa authentication telnet console my-group LOCAL
aaa authentication enable console my-group LOCAL
aaa authorization command my-group LOCAL
aaa accounting command privilege 15 my-group

Note: I also have the same ACS as RADIUS server for my VPN access, and I added it as a RADIUS client with a different key. Moreover, I could not see any failed logs on ACS. It works fine with local authorization.

Can you tell me why I can't authenticate and authorize with the TACACS+ server?

Thanks in advance
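The management-AAA points raised in this thread (command accounting is what fills the TACACS administration log, and each `aaa` line depends on a server group with a defined host) can be checked offline against a saved configuration. The script below is an added example, not code from any poster or from Cisco; `audit_aaa`, the sample address `192.0.2.10` and the keys are hypothetical, and the tacacs+ check assumes PIX 7.x command authorization and command accounting are used with TACACS+ server groups.

```python
import re

# Constructed sample shaped like the PIX 7.x output quoted in the thread;
# 192.0.2.10 and the keys are placeholders, not values from the thread.
SAMPLE = """\
aaa-server VPN protocol radius
aaa-server VPN host 192.0.2.10
 key PLACEHOLDER
aaa-server my-group protocol tacacs+
aaa-server my-group host 192.0.2.10
 key PLACEHOLDER
aaa authentication telnet console my-group LOCAL
aaa authentication enable console my-group LOCAL
aaa authorization command my-group LOCAL
aaa accounting command privilege 15 my-group
"""

PATTERNS = [  # (function label, regex capturing the server group it uses)
    ("authentication", r"aaa authentication \S+ console (\S+)"),
    ("authorization command", r"aaa authorization command (\S+)"),
    ("accounting command", r"aaa accounting command (?:privilege \d+ )?(\S+)"),
]

def audit_aaa(config):
    """Return a list of findings about management AAA in a PIX 7.x config."""
    protocol, hosts, uses = {}, set(), []
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"aaa-server (\S+) protocol (\S+)", line):
            protocol[m[1]] = m[2]
        elif m := re.match(r"aaa-server (\S+) (?:\(\S+\) )?host \S+", line):
            hosts.add(m[1])
        else:
            for func, rx in PATTERNS:
                if m := re.match(rx, line):
                    uses.append((func, m[1]))
    findings = []
    for func, group in uses:
        if group == "LOCAL":
            continue  # local database, no server group to verify
        if group not in hosts:
            findings.append(f"{func}: server group {group} has no host")
        elif func.endswith("command") and protocol.get(group) != "tacacs+":
            findings.append(f"{func}: group {group} is not tacacs+")
    if not any(func == "accounting command" for func, _ in uses):
        findings.append("no command accounting configured")
    return findings

if __name__ == "__main__":
    print(audit_aaa(SAMPLE) or "no findings")
```

A clean result only means the configuration is internally consistent; it says nothing about key mismatches or reachability between the firewall and ACS.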

