HELP NEEDED on Dial-in with ACS (Tacacs+)

Mar 20th, 2004
Hi Gurus,


I have a network design,


ACS---PIX----PIX---NAS---Dial-in


When the user tries to dial in to the NAS router, the error message (attached) appears. The ACS has been configured with the NAT eth0/0 and hostname, and also the TACACS+ key from the NAS Router. I could not find any reference for the error message on cisco.com. Please help, gurus.


Thanks in Advance.


HATO




lgijssel Sun, 03/21/2004 - 13:00

In this situation, you should always use a static one-to-one IP address translation. Using PAT (overloaded NAT) instead of true NAT will cause you trouble.

From the info that was given, it is not clear how things are set up.


Regards,

Leo

j.hato Mon, 03/22/2004 - 01:16
Hi Leo,


Thanks for the reply. The network would be:


acs (net 172.16.1.12)---PIX(10.0.20.1/28)-----(10.0.20.32/28)PIX----NAS Router (Fa0/0 192.168.0.1)--Dial-in User.


NOTE:

--Between the PIXes there have to be 2 networks because it goes through a service provider

--You're right, the Fa0/0 has been NAT-ed to 10.0.20.46.

--I can ping from the NAS Router to the ACS server

--The ACS has been NAT-ed to 10.0.20.20

--The dial-in user, on a successful dial, would be given an IP in network 192.168.0.xxx, then NAT-ed to 10.0.20.xxx (but the dial-in has a problem, which is shown in the attachment)

--I have set the NAT-ed ACS server on the NAS Router as the TACACS+ server host


Thank you


HATO

j.hato Wed, 03/24/2004 - 17:53
Solved,


Thanks Leo, just found the solution. Actually the session was blocked at PIX1 and PIX2.
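
Added example, not part of the original thread or any poster's configuration: a PIX-style sketch of the two points the thread arrives at, static one-to-one translation instead of PAT, and an explicit rule letting TACACS+ (TCP port 49) through the firewall in front of the ACS. The addresses are the ones given in the thread; the interface names, the ACL name and which PIX holds which translation are assumptions.

```cisco
! Annotation lines start with "!"; they are notes for the reader.
! Assumed names: interfaces "inside"/"outside", ACL "outside_in".
!
! --- NAS-side PIX (assumed to hold the NAS translation) ---
! PAT (overload) form that the reply advises against: the NAS would leave
! the firewall from a shared address with a rewritten source port.
!   nat (inside) 1 192.168.0.0 255.255.255.0
!   global (outside) 1 interface
!
! Static one-to-one translation: the NAS Fa0/0 address always appears as
! 10.0.20.46, so it can be named as a single host in the far-side rule.
static (inside,outside) 10.0.20.46 192.168.0.1 netmask 255.255.255.255
!
! --- ACS-side PIX (assumed to hold the ACS translation) ---
! Static one-to-one translation for the ACS server.
static (inside,outside) 10.0.20.20 172.16.1.12 netmask 255.255.255.255
!
! Permit only TACACS+ (TCP/49) from the translated NAS to the translated ACS.
access-list outside_in permit tcp host 10.0.20.46 host 10.0.20.20 eq tacacs
access-group outside_in in interface outside
```

On either PIX, `show xlate` lists the active translations and `show access-list` shows per-rule hit counts, which help confirm whether the TACACS+ session is being translated and permitted.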
