ACS 5.3 / TACACS Proxy - no Source NAS IP Address

Unanswered Question
Aug 2nd, 2012

Hello,


I would like to use the ACS 5.3 as a TACACS proxy. Basically it works. But when checking the logs on the destination TACACS server (ACS 4.2) I see that all requests (Source-NAS) came from the IP of the TACACS proxy, not from the original source IP.


This is useless for my scenario, because on the destination TACACS Server the policies are built on the NetworkDevices Groups and AAA Clients = source IPs. Any idea how to solve this?


Thanks for ideas / Karsten

Tarik Admani Thu, 08/02/2012 - 22:35

Karsten,


Are you running ACS for Windows? If so, can you please run Wireshark and take a capture of the TACACS packet? It does make sense that the ACS will proxy the request using itself as the source IP address; however, I wonder if there is an attribute inside that we might be able to leverage.


Thanks,


Tarik Admani
*Please rate helpful posts*

Karsten Jaschul... Thu, 08/02/2012 - 23:28

Hello Tarik,


I could do so, but I am afraid it wouldn't help. Maybe there is an option somewhere in the TACACS proxy which says "carry the original NAS IP"?


Thanks / Karsten
