Hi, I have looked around on the web but cannot seem to find an answer to this one.
I have a remote ASA5510 firewall which I need to manage via TACACS. The ASA connects to my core network via a VPN tunnel which terminates on a Cisco 2811 router. The VPN is up and working fine.
When debugging the TACACS requests, what appears to be happening is that the traffic is not getting decrypted as it passes through the Cisco 2811 on its way to the TACACS host, despite the crypto ACLs being correct on both the ASA and the 2811 to capture the traffic flows between the ASA's outside interface and the TACACS host. All other relevant access-list rules and ssh commands are in place.
Are there any funnies I need to be aware of when trying to get TACACS working over the VPN to the ASA?
Will the ASA actually encrypt the TACACS request as part of the VPN given it is sourcing the flow itself on its outside interface which is also the endpoint address of the VPN tunnel?
Thanks for looking.