Unanswered Question
May 25th, 2009

After erasing the config file and reloading the PIX, the following lines are missing from the show run:

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

If you try to add them, the PIX errors, telling you the syntax is incorrect.

I currently have 3 devices doing this.

They are all running 6.3.5.


Do you have a TACACS and a RADIUS server in your environment? If not, it could be that they were once there and those commands entered, then removed. The point is, if you do not have the servers, these commands are irrelevant.

If you don't have the servers specified, you could experiment by doing the following.

aaa-server TACACS+ (inside) host thekey timeout 20

aaa-server RADIUS (inside) host thekey timeout 20

The above commands should be on one line. After that, you might be able to put the above commands in the config.

bdelgman1950 Mon, 05/25/2009 - 11:38

No, I don't have a TACACS+ or RADIUS server; these commands are native in the PIX as they come from Cisco. Without these in the PIXes, they will not create a tunnel to our ASA5510.

