My customer has an ASA and wants to do AAA authentication with TACACS+. The ACS server, however, is accessible through an IPsec VPN tunnel terminating on the outside interface of the ASA.
Whenever a user logs into the ASA, the request will be sent out via the outside interface with the source IP address of the outside interface of the ASA, thus not meeting my encryption list. How can I do this? I cannot add the outside interface IP address to the encryption list. What I need is a command like: tacacs source ip address a.b.c.d.