03-07-2008 01:56 AM - edited 03-10-2019 03:42 PM
Hi,
I have configured authentication and authorization on PIX 6.3.5 and I use Cisco ACS 4.1, but I do not see the executed commands in the "TACACS administration" log.
Can you help me?
Thanks
Peter
03-07-2008 06:15 AM
Command accounting logs are stored in the TACACS administration logs. Also, there is a known issue on ver 4.1.1 and we need to apply patch ACS 4.1.1.23.5 to fix the issue.
Patch for appliance is available on
http://www.cisco.com/cgi-bin/tablebuild.pl/acs-soleng-3des
Patch name : ACS SE 4.1.1.23.5 accumulative patch
Patch for acs windows is available on
http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des
Patch Name : ACS 4.1.1.23.5 accumulative patch
Regards,
~JG
Do rate helpful posts
03-07-2008 06:44 AM
Thanks, I have applied the patch.
It looks like it is a problem with the PIX configuration; I did not find a relevant accounting command for PIX 6.3.5.
Peter
03-07-2008 07:01 AM
Peter,
On PIX 6.x, AAA accounting for management traffic cannot be configured; only accounting for pass-through traffic is supported.
However, AAA accounting for management traffic as well as pass-through traffic is supported on PIX 7.x.
Regards,
~JG
03-12-2008 06:50 AM
Hi JG,
I configured AAA authentication and authorization on the firewall, but it works only for the local username/password. PIX version 7.2(2) and ACS-SE 4.1.
Following is my configuration:
XXX-PIX515(config)# sh run aaa-server
aaa-server VPN protocol radius
 accounting-mode simultaneous
aaa-server VPN host 172.20.20.11
 key XXXX
aaa-server VPN host 172.20.20.12
 key XXXX
aaa-server my-group protocol tacacs+
aaa-server my-group host 172.20.20.11
 key XXX

aaa authentication telnet console my-group LOCAL
aaa authentication enable console my-group LOCAL
aaa authorization command my-group LOCAL
aaa accounting command privilege 15 my-group
Note: I also have RADIUS on the same ACS for my VPN access, and I added it as a RADIUS client with a different key. Moreover, I could not see any failed logs on the ACS. It works fine with local authorization.
Can you tell me why I can't authenticate and authorize with the TACACS+ server?
Thanks in advance
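
An added example, not part of the thread and not Cisco tooling: a small Python audit of the AAA lines in the configuration posted above, reporting which server group each aaa command points at, whether LOCAL fallback is configured, and which console access methods have no aaa authentication line. The function name audit_aaa and its result keys are hypothetical, the sample text is constructed from the post, and the handling of an optional "(ifname)" before "host" goes slightly beyond what the post shows.

```python
# SAMPLE_CONFIG is constructed from the AAA lines posted in the thread.
SAMPLE_CONFIG = """\
aaa-server VPN protocol radius
 accounting-mode simultaneous
aaa-server VPN host 172.20.20.11
 key XXXX
aaa-server VPN host 172.20.20.12
 key XXXX
aaa-server my-group protocol tacacs+
aaa-server my-group host 172.20.20.11
 key XXX
aaa authentication telnet console my-group LOCAL
aaa authentication enable console my-group LOCAL
aaa authorization command my-group LOCAL
aaa accounting command privilege 15 my-group
"""
CONSOLE_METHODS = ("serial", "enable", "telnet", "ssh", "http")

def audit_aaa(config):
    """Hypothetical helper: map each aaa command to its server group."""
    groups, uses = {}, []
    for words in (line.split() for line in config.splitlines()):
        if len(words) < 4:
            continue  # sub-commands such as "key" or "accounting-mode"
        if words[0] == "aaa-server":
            group = groups.setdefault(words[1], {"protocol": None, "hosts": []})
            if words[2] == "protocol":
                group["protocol"] = words[3]
            elif "host" in words[2:-1]:  # tolerates "(ifname)" before host
                group["hosts"].append(words[words.index("host", 2) + 1])
        elif words[0] == "aaa":
            if words[1] == "authentication" and words[3] == "console":
                function, rest = "authentication " + words[2], words[4:]
            elif words[1] in ("authorization", "accounting") and words[2] == "command":
                function, rest = words[1] + " command", words[3:]
            else:
                continue
            if rest[:1] == ["privilege"]:  # skip "privilege <level>"
                rest = rest[2:]
            if rest:
                uses.append((function, rest[0], "LOCAL" in rest[1:]))
    covered = {f.split()[1] for f, _, _ in uses if f.startswith("authentication ")}
    return {
        "groups": groups,
        "uses": uses,  # (function, server group, LOCAL fallback configured)
        "undefined": sorted({g for _, g, _ in uses if g != "LOCAL" and g not in groups}),
        "no_aaa_authentication": [m for m in CONSOLE_METHODS if m not in covered],
    }
```

Calling audit_aaa(SAMPLE_CONFIG) returns a dictionary; the "uses" list is the quickest way to compare what the firewall is told to ask with what the ACS logs show.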