11-05-2008 01:55 PM - edited 03-11-2019 07:08 AM
I have 2 firewalls that were upgraded from 6.3.5.125 to 6.3.5.145 due to a DNS vulnerability. After I upgraded them, I can log in using SSH, but when I issue enable, it requests the password and just hangs there. Some time later it requests the password again, and if I check the logs it just says: aaa server host machine not responding.
However, if I turn on telnet, enable authentication works, and the other 10 firewalls on code 6.3.5.125 work just fine with the same TACACS server.
Please help.
11-05-2008 08:48 PM
Hi,
I suggest you check the logs on the TACACS server when trying to authenticate using SSH. Also, please post the output of:
show run | inc aaa
11-14-2008 03:24 PM
There are no logs at the ACS when I issue the enable command and type the password, just the firewall log saying that AAA SERVER is not reachable. Here is the sh run | in aaa:
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa-server APIX02 protocol tacacs+
aaa-server APIX02 max-failed-attempts 3
aaa-server APIX02 deadtime 10
aaa-server APIX02 (inside) host 10.X.X.X ZAQ12wsxkdC timeout 5
aaa authentication telnet console APIX02
aaa authentication enable console APIX02
aaa authentication ssh console APIX02
aaa authentication http console APIX02
But using telnet it gets the same message the other 8 firewalls that are using SSH.