PIX console login

alban.dani
Level 1

I was handed our DR site yesterday, and there is a PIX 515 installed there.

I switched it so it points to our TACACS+ server.

While I can ssh to its network interface, I keep failing the console login!!!

Here is the output:

DR-TERMSERVER#pix515

Trying pix515 (10.1.1.1, 2036)... Open

User Access Verification

Username: admin

Password:

Password: ********

Username: admin

Password: *******

Access denied.

DR.PIX515> en

Username: admin

Password: *******

Username: admin

Password: *******

Username: admin

Password: *******

Access denied.

DR.PIX515> en

My aaa config is:

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server TACACS+ (VPNDMZ) host R-UTIL1 key timeout 5

aaa-server TACACS+ (VPNDMZ) host V-MON1 key timeout 5

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

aaa authentication secure-http-client

aaa authentication ssh console TACACS+ LOCAL

aaa authentication http console TACACS+ LOCAL

aaa authentication enable console TACACS+ LOCAL

aaa authorization command TACACS+ LOCAL

What am I missing?

Does TACACS+ have a problem with the PIX (the consultants were using ACS)?

Thank you,

Alban

3 Replies

abdel_n
Level 1

Hi Alban,

In the following two commands:

aaa-server TACACS+ (VPNDMZ) host R-UTIL1 key timeout 5

aaa-server TACACS+ (VPNDMZ) host V-MON1 key timeout 5

Did you omit the TACACS key intentionally, or did you forget it? Otherwise the authentication with the TACACS server will fail.

Also try to verify the PIX address and the key on the TACACS server side.

I recommend you try the command; this will provide you with detailed information about all traffic and events exchanged between the server and the PIX, and you will see failed events.

zmohidee
Level 1

Please try adding the following command and then check the authentication:

aaa authentication serial console TACACS+ LOCAL
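
Added example, not part of any reply in this thread: a small Python check that reads PIX configuration text and lists which access methods accepted by `aaa authentication <method> console` (serial, telnet, ssh, http, enable) have no such line, and which referenced server groups were never declared. The function name `audit_console_aaa` is this example's own, and the sample text is the AAA section as posted in the question.

```python
import re

# Access methods accepted by "aaa authentication <method> console" on the PIX.
METHODS = ("serial", "telnet", "ssh", "http", "enable")

AUTH_RE = re.compile(r"^aaa authentication (\S+) console (.+)$")
GROUP_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)$")


def audit_console_aaa(config_text):
    """Return (covered, missing, undefined) for a PIX configuration.

    covered:   {method: [server groups, in fallback order]}
    missing:   methods with no "aaa authentication <method> console" line
    undefined: {method: [groups used but never declared with "aaa-server"]}
    """
    groups, covered = set(), {}
    for raw in config_text.splitlines():
        line = raw.strip()
        m = GROUP_RE.match(line)
        if m:
            groups.add(m.group(1))
            continue
        m = AUTH_RE.match(line)
        if m and m.group(1) in METHODS:
            covered[m.group(1)] = m.group(2).split()
    missing = [meth for meth in METHODS if meth not in covered]
    undefined = {}
    for meth, used in covered.items():
        unknown = [g for g in used if g not in groups]
        if unknown:
            undefined[meth] = unknown
    return covered, missing, undefined


# AAA section as posted in the question (aaa-server host lines left out).
POSTED = """\
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa authentication secure-http-client
aaa authentication ssh console TACACS+ LOCAL
aaa authentication http console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authorization command TACACS+ LOCAL
"""

if __name__ == "__main__":
    covered, missing, undefined = audit_console_aaa(POSTED)
    print("covered:", covered)
    print("no aaa authentication line for:", missing)
    print("undeclared server groups:", undefined)
```
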

andhoang
Level 1

Try "enable_15"
