ASA 8.0 and Microsoft ISA (local user backup)

Mar 13th, 2008

What is the command so that when the username + password cannot be found in the Microsoft ISA server, the PIX will look at the local database?

This command works in the router, but I cannot seem to find the equivalent for the PIX.

aaa authentication login default local group tacacs+

Basically, does the PIX ASA 8.0 support multiple authorization commands?

Thank you very much for your help.

Herbert Baerten Fri, 03/14/2008 - 04:35

On a router, "aaa authentication login default local group tacacs+" will ALWAYS use the local user DB, never tacacs.

"aaa authentication login default group tacacs+ local" will first try tacacs and only if the tacacs server is not responding, use the local DB. Note that if the tacacs DOES respond but rejects the authentication attempt (user does not exist or wrong password), the router will NOT use the local DB.

That said, on pix/asa you can do the same, e.g.:

aaa-server TPLUS protocol tacacs+

aaa-server TPLUS (management) host

aaa authentication telnet console TPLUS LOCAL
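
An added example, not part of the original posts: a small Python audit of an ASA-style configuration that flags console authentication lines with no LOCAL fallback, an undefined or host-less server group, or a LOCAL fallback with no local user to fall back to. The sample configuration, the RADGRP group, the backupadmin user and the 192.0.2.10 address are constructed for illustration.

```python
import re

# Constructed sample config (not from a real device); 192.0.2.10 is a documentation address.
SAMPLE_CONFIG = """\
aaa-server TPLUS protocol tacacs+
aaa-server TPLUS (management) host 192.0.2.10
username backupadmin password CONSTRUCTED-HASH encrypted privilege 15
aaa authentication telnet console TPLUS LOCAL
aaa authentication ssh console TPLUS
aaa authentication http console RADGRP LOCAL
"""

AUTH_RE = re.compile(r"^aaa authentication (\S+) console (\S+)(?: (LOCAL))?\s*$")
GROUP_RE = re.compile(r"^aaa-server (\S+) protocol \S+")
HOST_RE = re.compile(r"^aaa-server (\S+) \(\S+\) host (\S+)")
USER_RE = re.compile(r"^username (\S+) ")


def audit_console_auth(config: str) -> list[str]:
    """Return findings about console authentication fallback in an ASA-style config."""
    lines = [ln.strip() for ln in config.splitlines()]
    groups = {m.group(1) for ln in lines if (m := GROUP_RE.match(ln))}
    groups_with_host = {m.group(1) for ln in lines if (m := HOST_RE.match(ln))}
    has_local_user = any(USER_RE.match(ln) for ln in lines)
    findings = []
    for ln in lines:
        m = AUTH_RE.match(ln)
        if not m:
            continue
        access, group, fallback = m.groups()
        if group == "LOCAL":
            continue  # local database only, no server group involved
        if group not in groups:
            findings.append(f"{access}: server group {group} is not defined")
        elif group not in groups_with_host:
            findings.append(f"{access}: server group {group} has no host configured")
        if fallback is None:
            # If the server stops responding, nobody can log in over this access type.
            findings.append(f"{access}: no LOCAL fallback after {group}")
        elif not has_local_user:
            findings.append(f"{access}: LOCAL fallback set but no local username exists")
    return findings


if __name__ == "__main__":
    for finding in audit_console_auth(SAMPLE_CONFIG):
        print(finding)
```

Run against the three lines exactly as posted above, it reports that TPLUS has no host address and that no local username is defined for the LOCAL fallback.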



vtra Thu, 03/27/2008 - 12:06

Thank you very much, that helped a lot!

