Cisco ASA- ACS 4.2

Answered Question
May 2nd, 2012

Hi,

I have cisco asa 5580 software 8.2, transparent, multicontext. i am trying to add the context to ACS 4.2.

i have added the device name and ip to ACS

and use the following commands on ASA

aaa-server ACSSRV protocol tacacs+

aaa-server ACSSRV (management) host x.x.x.x

key hello

aaa authentication serial console ACSSRV LOCAL

aaa authentication enable console ACSSRV LOCAL

aaa authentication ssh console ACSSRV LOCAL

aaa authentication http console ACSSRV LOCAL

ssh to device ask for username and password which i passed normally, type enable it ask for password.

i put the same password it wont work i used local password it is not working, what should i do ????

thankssssssssssssssssss

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (1 ratings)
wgnisshan Sun, 05/06/2012 - 09:26

acs box check the fail log. If max session

Step 1 In the navigation bar, click Group Setup.

The Group Setup Select page opens.

Step 2 From the Group list, select a group, and then click Edit Settings.

The name of the group appears at the top of the Group Settings page.

Step 3 In the Max Sessions table, under Sessions available to group, select one of the following options:

•Unlimited—Allows this group an unlimited number of simultaneous sessions. (This action effectively disables Max Sessions.)

•n—Type the maximum number of simultaneous sessions to allow this group.

Step 4 In the lower portion of the Max Sessions table, under Sessions available to users of this group, select one of the following two options:

•Unlimited—Allows each individual in this group an unlimited number of simultaneous sessions. (This action effectively disables Max Sessions.)

•n—Type the maximum number of simultaneous sessions to allow each user in this group.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/g.html

Sent from Cisco Technical Support iPad App

alkabeer80 Sun, 05/06/2012 - 20:47

Hi nishan,

all of the config u mentioned is there, plz check below screenshot

i did debug aaa for ASA from console connection, i got "Restting 10.1.1.1 numtries" (10.1.1.1 is the IP of tacacs server)

maldehne Mon, 05/14/2012 - 00:09

Under the user settings there is an option to specify against what to check the enable password

either using the same pap password defined for the user account or spearate one or another defined on external

database.

Check this link and let me know how it goes and what do you have:

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/UsrMgt.html#wp273989

If it is still  filing what is the reason for failure in the failed attempts

Actions

Login or Register to take actions

This Discussion

Posted May 2, 2012 at 10:23 PM
Stats:
Replies:7 Avg. Rating:5
Views:1304 Votes:0
Shares:0

Related Content

Discussions Leaderboard