cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3882
Views
0
Helpful
7
Replies

TACACS Authentication not working with ASA

dennismatz
Level 1
Level 1

I have an ACS 4.1 Windows server running TACACS. It si working on all devices within the enterprise except for one new ASA at a remote site. There is no NAT going on or anything and the ASA can ping the ACS box and the ACS box can ping the ASA.

I added the configuration below but the authentication fails and no requests come to the ACS server

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ host 10.x.x.x

key password

aaa authentication ssh console TACACS+ LOCAL

aaa authentication enable console TACACS+ LOCAL

aaa authentication http console TACACS+ LOCAL

Any help would be greatly appreciated

7 Replies 7

Hi,

Is there any FW device in between which may be blocking the TACACS ports ?

Also run this test on the ASA box :-

myASA# test aaa-server authentication TACACS+ host 10.x.x.x

There are no firewalls in between the devices, I ran the test command and recieved the following:

ERROR: Authentication Server not responding: No error

Just to confirm - did you add the ASA box as AAA client on the ACS server and are you using the same KEY here in the ASA config?

hey can somebody help me also, iam also having the same probelm.

Please check shared secret key. Remember NDG key overwrites aaa client key.

Make sure acs should have correct ip address of asa in network configuration.

Do you see any hits on acs failed or passed attempts ? Also try increasing the tacacs timeout to 15 sec.

make sure the address you've added to ACS is the one the ASA is communicating from - in this case, it should be the interface closest to the ACS device.

The ASA which is experiencing issues connects to the subnet the ACS box is on over a IPSec tunnel. There are numerous other ASA configured just like this and they are configured with the inside IP address on the ACS server.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: