Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
495
Views
0
Helpful
3
Replies

aaa-server

bdelgman1950
Level 1
Level 1

‎05-25-2009 11:12 AM

after erasing the config file and reloading the pix, the following lines are missing from the show run:

Aaa-server TACACS+ max-failed-attempts 3

Aaa-server TACACS+ deadtime 10

Aaa-server RADIUS max-failed-attempts 3

Aaa-server RADIUS deadtime 10

If you try to add them the pix errors giving you syntax is incorrect.

I currently have 3 devices doing this.

they are all running 6.3.5

Labels:
0 Helpful
3 Replies 3

paul
Level 1
Level 1

‎05-25-2009 11:27 AM

Do have a Tacacs and a Radius server in your environment? If not, it could be that they were once there and those commands entered, then removed. The point is, if you do not have the servers, these commands are irrelevant.

If you don't have the servers specified, you could experiment by doing the following.

aaa-server TACACS+ (inside) host 10.1.1.10 thekey timeout 20

aaa-server RADIUS (inside) host 10.1.1.10 thekey timeout 20

The above commands should be on one line. After that, you might be able to put the above commands in the config.

0 Helpful

bdelgman1950
Level 1
Level 1
In response to paul

‎05-25-2009 11:38 AM

No I don't have a TACACS+ or Radius server these commands are native in the pix as they come from Cisco. Without these in the pixws they will not create a tunnel to our ASA5510.

0 Helpful

paul
Level 1
Level 1
In response to bdelgman1950

‎05-25-2009 11:57 AM

You would have an extremely unique configuration for that to keep an l2l tunnel from coming up. My guess I'd that you are missing your ore shared key. It was likely hidden in the original config.

0 Helpful
Customers Also Viewed These Support Documents