×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

12.4.8 vs. 12.4.6.T2

Unanswered Question

Hi

I have problem.

On 12.4.8 all works fine - but there is no aaa authentication login xauth passwd-expiry.

12.4.6.T2 have this funcionality - but:

When i connect from inside(lan) to outside(Inet) with ex. Kerio VPN i have stable tunnel but communication in this tunnel is breaking ("connection socket error" ect.). With the same configuration in 12.4.8 - all works fine.


Pleace tell me what is wrong ? How to fix it ?

("aaa authentication login xauth passwd-expiry" is necesary - router 2811/hsec/k9)

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

The socket error seems to point toward an issue in the Tacacs+ server.

On the other side the Failed Attempt.csv file was showing that the attempt failed because the NAS

was "Unknown", which means that the Catalyst (or anyway the device from which connection was tried) was not correctly defined in the ACS. So the problem might be that, in which case have to check the NAS config in your ACS under

Network Configuration -> Network Device Groups. For example the IP address or the authentication protocol (tacacs, radius) might be misconfigured for that particular NAS.

Actions

This Discussion