ACS 5.3 / TACACS Proxy - no Source NAS IP Address

Unanswered Question
Aug 2nd, 2012

Hello,

I would like to use the ACS 5.3 as a TACACS proxy. Basically it works. But when checking the logs on the destination TACACS server (ACS 4.2), I see that all requests (Source-NAS) came from the IP of the TACACS proxy, not from the original source IP.

This is useless for my scenario, because on the destination TACACS server the policies are built on the Network Device Groups and AAA Clients = source IPs. Any idea how to solve this?

Thanks for ideas / Karsten

Tarik Admani Thu, 08/02/2012 - 22:35

Karsten,

Are you running ACS for Windows? If so, can you please run Wireshark and take a capture of the TACACS packet? It does make sense that the ACS will proxy the request using itself as the source IP address; however, I wonder if there is an attribute inside that we might be able to leverage.

Thanks,

Tarik Admani
*Please rate helpful posts*

xgadkjasch Thu, 08/02/2012 - 23:28

Hello Tarik,

I could do so, but I am afraid it wouldn't help. Maybe there is an option somewhere in the TACACS proxy which says "carry the original NAS IP"?

Thanks / Karsten

Posted August 2, 2012 at 10:23 PM