02-24-2009 01:05 PM - edited 03-10-2019 04:21 PM
We have quite a few ASAs with similar TACACS and crypto configs, but yesterday we had an issue with a PIX and we swapped the PIX with an ASA 8.0(3). The tunnel is up and running, but we are not able to log in using TACACS even after the configs, and I found a bug on cisco.com which asks us to use the command "crypto map set reverse-route".
Even after configuring it right, I am not able to log in using TACACS. Can someone tell me how to use this command, or any other way?
Thanks in advance.
02-24-2009 01:09 PM
Ok so Local Device was swapped from PIX to ASA. What is the remote Device?
Could you show us the configs from both Ends of the tunnel?
02-24-2009 01:40 PM
We have a tunnel established with the remote ASA and here are the related configs. Let me know if you need anything; thanks for replying, though.
local device configs:
aaa-server
aaa-server
aaa authentication ssh console
aaa authentication http console
access-list
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map
crypto map
crypto map
crypto map
crypto map
crypto isakmp enable outside
crypto isakmp policy 20
crypto isakmp policy 65535
remote ASA
access-list
access-list
crypto map
crypto map
crypto map
crypto map
crypto map
crypto map
02-24-2009 02:07 PM
Sorry, the partial config does not help much...
Please try collecting these debugs from the local ASA:
debug aaa authentication
debug tacacs
Do you have connectivity (ping) from remote End to the Server behind the Local ASA?
Do you see any failed attempts on ACS?
02-24-2009 06:04 PM
It might be easier to check if TACACS traffic is reaching the local Interface pointing to the ACS Server:
Step 1:
access-list captured permit tcp any any eq 49
Step 2:
capture tacacs access-list captured interface
To see the information:
Option A:
show capture tacacs
Option B:
https://
where
To remove the access-list:
clear configure access-list captured
To remove the Capture:
no capture tacacs
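An added example, not part of the original thread: a Python sketch that reads text pasted from `show capture tacacs` and, using only client-to-server packets to TCP/49 (the direction the ACL above matches), separates flows that completed the TCP handshake from flows where the client only retransmits SYNs. The line layout in the regex and the sample addresses are constructed assumptions; adjust the pattern to your ASA's actual output.

```python
import re

# Constructed sample in the tcpdump-like layout assumed for "show capture"
# output; addresses are documentation ranges, not values from the thread.
SAMPLE = """\
   1: 13:05:01.100000 192.0.2.10.1025 > 198.51.100.5.49: S 100:100(0) win 8192 <mss 1380>
   2: 13:05:01.102000 192.0.2.10.1025 > 198.51.100.5.49: . ack 901 win 8192
   3: 13:05:01.103000 192.0.2.10.1025 > 198.51.100.5.49: P 101:145(44) ack 901 win 8192
   4: 13:05:09.000000 192.0.2.20.1030 > 198.51.100.5.49: S 500:500(0) win 8192 <mss 1380>
   5: 13:05:12.000000 192.0.2.20.1030 > 198.51.100.5.49: S 500:500(0) win 8192 <mss 1380>
   6: 13:05:18.000000 192.0.2.20.1030 > 198.51.100.5.49: S 500:500(0) win 8192 <mss 1380>
"""

# index: timestamp src.sport > dst.dport: FLAGS rest-of-line
PKT = re.compile(
    r"^\s*\d+:\s+\S+\s+([\d.]+)\.(\d+)\s+>\s+([\d.]+)\.(\d+):\s+([A-Z.]+)\s*(.*)$"
)


def tacacs_flows(capture_text, port=49):
    """Return {(client, server): {"syns": n, "state": ...}} for flows to TCP/port."""
    flows = {}
    for line in capture_text.splitlines():
        m = PKT.match(line)
        if not m:
            continue  # banner lines, "N packets captured", blank lines
        src, sport, dst, dport, flags, rest = m.groups()
        if int(dport) != port:
            continue  # only client-to-server packets are needed
        key = (f"{src}:{sport}", f"{dst}:{dport}")
        flow = flows.setdefault(key, {"syns": 0, "state": "syn-only"})
        if "S" in flags:
            flow["syns"] += 1
        elif "R" not in flags and re.search(r"\back\b", rest):
            # The client acknowledged the server, so a SYN-ACK came back.
            flow["state"] = "handshake-complete"
    return flows


def summarize(flows):
    """One-line verdict for the capture."""
    if not flows:
        return "no TCP/49 packets seen on this interface"
    stuck = [k for k, f in flows.items() if f["state"] == "syn-only"]
    return f"{len(flows) - len(stuck)} completed, {len(stuck)} unanswered"
```

A `syn-only` flow with several SYNs means the request left toward the server but no reply came back on that path; an empty result means TACACS traffic never reached the captured interface.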
02-25-2009 06:28 AM
Thanks much, sir.
I will do that and let you know if I need anything.
Thanks again for your time and help.