TACACS via an ASA

Dec 29th, 2008

Is it possible for a Cisco device (router or switch) to authenticate to an ACS via an ASA utilizing Network Address Translation? If so, what needs to be added to a config for this to take place?

Collin Clark Tue, 12/30/2008 - 05:55

Sure it can (we do it). You just need to translate from outside to inside. Here is an example; assume ACS is 192.168.1.10.


static (inside,outside) 192.168.1.10 access-list TACACS tcp 65535 10000


Since the static uses an ACL, here is that part as well:


access-list TACACS extended permit ip host 192.168.1.10 host [public IP]


The public IP in our case is the internet router and it requires a static route for the private IP pointing to the firewall.


Hope that helps.
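
The pieces around that static that the answer leaves implicit (inbound rule on the ASA, route and AAA client settings on the router), as an added sketch that is not part of the original post. It assumes pre-8.3 ASA syntax to match the static shown; `OUTSIDE_IN`, `<device-public-ip>`, `<asa-outside-ip>`, `<outside-interface>` and `<shared-secret>` are placeholders, not values from the thread.

```text
! --- ASA (pre-8.3 syntax, matching the static in the answer) ---
! Permit only TACACS+ (TCP/49) from the device to the ACS on the outside
! interface. OUTSIDE_IN is an assumed ACL name; if an ACL is already bound
! to the outside interface, add the permit line to that ACL instead.
access-list OUTSIDE_IN extended permit tcp host <device-public-ip> host 192.168.1.10 eq tacacs
access-group OUTSIDE_IN in interface outside

! --- Internet router (the TACACS+ client in the answer) ---
! Static route for the ACS private address, pointing to the firewall.
ip route 192.168.1.10 255.255.255.255 <asa-outside-ip>
!
aaa new-model
! Keep "local" as a fallback so a broken path to the ACS does not lock out logins.
aaa authentication login default group tacacs+ local
tacacs-server host 192.168.1.10 key <shared-secret>
! Source TACACS+ from the interface that owns <device-public-ip>, so the
! address matches the TACACS ACL on the ASA and the AAA client entry in ACS.
ip tacacs source-interface <outside-interface>
```

ACS identifies AAA clients by source address, so the client entry on the ACS has to list the address the router's packets carry when they reach it.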

