HELP NEEDED on Dial-in with ACS (Tacacs+)

j.hato
Level 1

Hi Gurus,

I have a network design,

ACS---PIX----PIX---NAS---Dial-in

When the user tries to dial in to the NAS router, the error message (attached) appears. The ACS has been configured with the NAT eth0/0 and hostname, and also the TACACS+ key from the NAS router. I could not find any reference for the error message on cisco.com. Please help, gurus.

Thanks in Advance.

HATO

3 Replies

lgijssel
Level 9

In this situation, you should always use a static one-to-one IP address translation. Using PAT (overloaded NAT) instead of true NAT will cause you trouble.

From the info that was given, it is not clear how things are set up.

Regards,

Leo

Hi Leo,

Thanks for the reply. The network would be:

acs (net 172.16.1.12)---PIX(10.0.20.1/28)-----(10.0.20.32/28)PIX----NAS Router (Fa0/0 192.168.0.1)--Dial-in User.

NOTE:

-- Between the PIXes there have to be 2 networks because it goes through a service provider

-- You're right, the Fa0/0 has been NAT-ed to 10.0.20.46.

-- I can ping from the NAS router to the ACS server

-- The ACS has been NAT-ed to 10.0.20.20

-- The dial-in user, on a successful dial, would be given an IP on network 192.168.0.xxx, then NAT-ed to 10.0.20.xxx (but the dial is having a problem, which is shown in the attachment)

-- I have pointed to the NAT-ed ACS server at the NAS router as the TACACS+ server host

Thank you

HATO

Solved,

Thanks LEO, just found the solution. Actually the session was blocked at PIX1 and PIX2.
