2x 3030 Concentrators ver 4.7
I am having problems with admin access to our backup VPN c3030 via TACACS.
Scenario: We have one live and one backup c3030. They will be configured to VRRP failover in the event of a failure on the live c3030. The live c3030 is enabled on TACACS and all access is fine.
As per the cisco doc here :
...privilege level is set to 15 on the admin user on the c3030 and also on the TACACS group, as I said - all is working fine on the live c3030.
I have now added the backup c3030 to the same TACACS Network Device Group and configured the c3030 with the exact same ACS configuration as the live c3030. We can login to the backup c3030 via TACACS, we just can't access the admin section and get the "You do not have sufficient authorization to access the specified page." error.
This has been puzzling me for quite some time, there is nothing I can find on the web and short of wiping the backup c3030 and starting again I'm not that sure there is anything we can do?
Hopefully someone out there has come across this problem?
What I wanted to make sure was, when we are trying to log into VPNC(backup), in Pass logs we are getting NAS IP address as the Private interface IP on ACS reports. Is it is, then it is good.
This might sound weird, if you have multiple local user on VPNC with "same" privilege level, change them to different privilege level, and keep admin as 15. And then try again. I think you should have console access, to do it ?
Please rate if it helps!