03-11-2008 07:35 AM - edited 03-10-2019 03:42 PM
I configured AAA authorization in my firewall but it works only for local username/password. PIX version 7.2(2) and ACS-SE 4.1.
Following are the steps I did.
1. Configure AAA on PIX (attached)
2. Add PIX as AAA Client in ACS and selected as TACACS
3. Other setting in ACS as attached
Note: Also, I have RADIUS as same ACS for my VPN access and I added it as a RADIUS client with a different key. Moreover, I could not see any failed logs on ACS.
Can anyone tell me why I can't authenticate and authorize with the TACACS+ server? Please advise.
Thanks
03-11-2008 07:58 AM
Have you tried including commands to identify the type of traffic to be authenticated? Something along the lines of:
aaa authentication include telnet
aaa authorization include telnet
03-11-2008 11:15 AM
Hi,
Thanks for the reply. I only tried with general AAA commands, not with source/destination address.
I just need to know what could be the mistake in my configurations and why it did not authenticate/authorize with my tacacs server.
Please advise
thanks
03-11-2008 07:07 PM
Hi,
1. aaa authentication telnet console my-group LOCAL
aaa authentication enable console my-group LOCAL
These commands on the PIX are for telnet and enable only; if you are accessing the device through SSH or console, this wouldn't work.
2. Also confirm that both the AAA servers have the keys specified in the PIX config.
aaa-server my-group host 172.20.20.11
key XXXXXXXX <------------------------------ key
aaa-server my-group host 172.20.20.12
key cisco123
3. Also, there are lots of timeouts; maybe the PIX can't reach the server.
"Number of timeouts 153"
4. Do a "debug aaa [ accounting | authentication | authorization ]" and check the logs.
Reg,
U
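Added example (not part of any post in this thread): the timeout check from point 3 above can be scripted. The Python below parses `show aaa-server` style counters and flags a server that has only ever timed out, which is the unreachable-server condition the reply suspects. The sample output is constructed; only the timeout count of 153 and the two host addresses come from the thread, and the function names are hypothetical.

```python
import re

# Constructed sample in the style of PIX "show aaa-server" output. Only the
# "Number of timeouts 153" value and the host addresses come from the thread.
SAMPLE = """\
Server Group:    my-group
Server Address:  172.20.20.11
Number of authentication requests       51
Number of accepts                       0
Number of rejects                       0
Number of timeouts                      153

Server Group:    my-group
Server Address:  172.20.20.12
Number of authentication requests       12
Number of accepts                       9
Number of rejects                       3
Number of timeouts                      0
"""

def parse_servers(text):
    """Split the output into one dict per server: address plus integer counters."""
    servers = []
    for block in re.split(r"(?m)^(?=Server Group:)", text):
        addr = re.search(r"(?m)^Server Address:\s+(\S+)", block)
        if not addr:
            continue
        counters = {name.strip().lower(): int(value) for name, value in
                    re.findall(r"(?m)^Number of (.+?)\s+(\d+)\s*$", block)}
        servers.append({"address": addr.group(1), **counters})
    return servers

def diagnose(server):
    """Classify one server from its accept/reject/timeout counters."""
    answered = server.get("accepts", 0) + server.get("rejects", 0)
    timeouts = server.get("timeouts", 0)
    if timeouts and not answered:
        return "unreachable"   # never replied: check routing, TCP/49, AAA client entry, key
    if timeouts:
        return "intermittent"  # some replies, some timeouts
    return "responding" if answered else "unused"

def report(text):
    return {s["address"]: diagnose(s) for s in parse_servers(text)}

if __name__ == "__main__":
    for address, state in report(SAMPLE).items():
        print(f"{address}: {state}")
```
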
03-11-2008 10:07 PM
Hi U,
I configured telnet and enable only. I'm trying to access through telnet only. Server keys are OK. The only problem, it seems, is that the server is not responding and it only authenticates with the local username/password.
Any clue?
thanks