Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
794
Views
0
Helpful
2
Replies

ACS 5.3 / TACACS Proxy - no Source NAS IP Address

Karsten Jaschultowski
Level 1
Level 1

‎08-02-2012 10:23 PM - edited ‎03-10-2019 07:22 PM

Hello,

i would like to use the ACS 5.3 as TACACS Proxy. Basically it works. But when checking the logs on the destination TACACS Server (ACS 4.2) i see that all requests (Source-NAs) came from the IP of the TACACS-Proxy. Not from the original source IP.

This is useless for my scenario, because on the destination TACACS Server the policies are built on the NetworkDevices Groups and AAA Clients = source IPs. Any idea how to solve this?

thanks for ideas / Karsten

Labels:
0 Helpful
2 Replies 2

Tarik Admani
VIP Alumni
VIP Alumni

‎08-02-2012 10:35 PM

Karsten,

Are you running ACS for windows? If so, can you please run wireshark and take a capture of the tacacs packet? It does make sense that the ACS will proxy the request using itself as the source ip address, however I wonder if there is an attribute inside that we might be able to leverage.

Thanks,

Tarik Admani
*Please rate helpful posts*

0 Helpful

Karsten Jaschultowski
Level 1
Level 1
In response to Tarik Admani

‎08-02-2012 11:28 PM

Hello Tarik,

i could do so, but i am afraid it would'nt help. Maybe there is somewhere an option in the TACACS Proxy which says "carry the original NAS IP"?

thnaks / Karsten

0 Helpful
Customers Also Viewed These Support Documents