
Enable authentication doesn't work after upgrading to 6.3.5.145

rgolcher
Level 1

I have 2 firewalls that were upgraded from 6.3.5.125 to 6.3.5.145 due to a DNS vulnerability. After I upgraded them, I can log in using SSH, but when I issue enable, it requests the password and just hangs there. Some time later it requests the password again, and if I check the logs it just says: aaa server host machine not responding.

However, if I turn on telnet, enable authentication works, and the other 10 firewalls on code 6.3.5.125 work just fine with the same tacacs server.

Please help

2 Replies

Fernando_Meza
Level 7

Hi,

I suggest you check the logs on the tacacs server when trying to authenticate using ssh. Also, please post the output of:

show run | inc aaa

There are no logs at the ACS when I issue the enable command and type the password, just the firewall log saying that AAA SERVER is not reachable. Here is the sh run | in aaa:

aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa-server APIX02 protocol tacacs+
aaa-server APIX02 max-failed-attempts 3
aaa-server APIX02 deadtime 10
aaa-server APIX02 (inside) host 10.X.X.X ZAQ12wsxkdC timeout 5
aaa authentication telnet console APIX02
aaa authentication enable console APIX02
aaa authentication ssh console APIX02
aaa authentication http console APIX02

But using telnet, it gets the same message as the other 8 firewalls that are using SSH.
