PIX console login

Unanswered Question
Sep 22nd, 2006

I was handed over our DR site yesterday, and there is a PIX 515 installed there.

I switched it so it points to our TACACS+ server.


While I can ssh to its network interface, I keep failing the console logging!!!


Here is the output:


DR-TERMSERVER#pix515

Trying pix515 (10.1.1.1, 2036)... Open



User Access Verification


Username: admin

Password:

Password: ********

Username: admin

Password: *******

Access denied.

DR.PIX515> en

Username: admin

Password: *******

Username: admin

Password: *******

Username: admin

Password: *******

Access denied.

DR.PIX515> en


My aaa config is:


aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server TACACS+ (VPNDMZ) host R-UTIL1 key timeout 5

aaa-server TACACS+ (VPNDMZ) host V-MON1 key timeout 5

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

aaa authentication secure-http-client

aaa authentication ssh console TACACS+ LOCAL

aaa authentication http console TACACS+ LOCAL

aaa authentication enable console TACACS+ LOCAL

aaa authorization command TACACS+ LOCAL


What am I missing?

Does TACACS+ have a problem with the PIX? (The consultants were using ACS.)


Thank you,

Alban

abdel_n Sun, 09/24/2006 - 04:36

Hi Alban,

In the following two commands:


aaa-server TACACS+ (VPNDMZ) host R-UTIL1 key timeout 5

aaa-server TACACS+ (VPNDMZ) host V-MON1 key timeout 5


Did you omit the TACACS key intentionally, or forget it? Otherwise the authentication with the TACACS server will fail.

Also try to verify the PIX address and the key on the TACACS server side.


I recommend you try the command; this will provide you with detailed information about all traffic and events exchanged between the server and the PIX, and you will see failed events.


zmohidee Wed, 09/27/2006 - 16:29

Please try adding the following command and then check the authentication:


aaa authentication serial console TACACS+ LOCAL
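
An added example, not part of any post in this thread: a small Python audit that lists which PIX management access methods have an `aaa authentication ... console` line, run over the aaa lines from the first post. It assumes the PIX `aaa authentication {serial|telnet|ssh|http|enable} console <group> [LOCAL]` syntax; the function and variable names are hypothetical.

```python
import re

# Access methods accepted by "aaa authentication <method> console" (assumed PIX syntax).
METHODS = ("serial", "telnet", "ssh", "http", "enable")

# Constructed sample: aaa lines copied from the configuration in the first post.
SAMPLE_CONFIG = """\
aaa-server TACACS+ protocol tacacs+
aaa-server LOCAL protocol local
aaa authentication secure-http-client
aaa authentication ssh console TACACS+ LOCAL
aaa authentication http console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authorization command TACACS+ LOCAL
"""

AUTH_RE = re.compile(r"^aaa authentication (\S+) console (\S+)(?:\s+(LOCAL))?\s*$")
GROUP_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)\s*$")


def audit_console_auth(config_text):
    """Return {method: finding} for every console access method."""
    groups = {}  # server group tag -> protocol
    auth = {}    # method -> (server group tag, has LOCAL fallback)
    for raw in config_text.splitlines():
        line = raw.strip()
        m = GROUP_RE.match(line)
        if m:
            groups[m.group(1)] = m.group(2)
            continue
        m = AUTH_RE.match(line)
        if m and m.group(1) in METHODS:
            auth[m.group(1)] = (m.group(2), m.group(3) is not None)

    findings = {}
    for method in METHODS:
        tag, fallback = auth.get(method, (None, False))
        if tag is None:
            findings[method] = "no aaa authentication line"
        elif tag not in groups:
            findings[method] = f"server group {tag} not defined"
        else:
            tail = "LOCAL fallback" if fallback else "no fallback"
            findings[method] = f"{tag} ({groups[tag]}), {tail}"
    return findings

if __name__ == "__main__":
    for method, finding in audit_console_auth(SAMPLE_CONFIG).items():
        print(f"{method:7} {finding}")
```

On the sample, `serial` and `telnet` are reported as having no authentication line, while `ssh`, `http` and `enable` point at the TACACS+ group with LOCAL fallback.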
