TACACS+ authentication for IPSec does not work on routers running Cisco IOS version 12.3

Wed, 07/22/2009 - 19:57
Jun 22nd, 2009

Core issue

This issue is caused by Cisco bug ID CSCec59692.

Routers that terminate VPN client connections on Cisco IOS 12.3 code fail to authenticate users through TACACS+. Authentication of other users, such as dial-in users, works correctly against TACACS+. When requests leave the router to the TACACS+ server, the authentication does not fail.

This problem occurs in Cisco IOS 12.3 mainline and 12.3T-based code. The current suspicion is that prior code is not affected. This issue is not observed on non-VPN traffic.

Refer to all affected versions for a list of other Cisco IOS versions that hit this bug.


Resolution

As a workaround, either use local authentication, or download and upgrade the Cisco IOS version to one of these versions:

  • 12.4(2.10)

  • 12.4(2.10)T
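
The local-authentication workaround, sketched as an added configuration example that is not part of the original document. The list name `VPN-XAUTH`, the crypto map name `VPN-MAP`, the username and the password placeholder are assumptions; substitute the names already used in the router's configuration. Only the method list used for VPN client authentication is changed, since the document states that other users (such as dial-in) authenticate to TACACS+ correctly.

```cisco
! --- Before (affected on 12.3): VPN client authentication list uses TACACS+ ---
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login VPN-XAUTH group tacacs+
crypto map VPN-MAP client authentication list VPN-XAUTH

! --- Workaround: point only the VPN list at the local user database ---
aaa new-model
! Non-VPN logins are not affected, so the default list can stay on TACACS+
aaa authentication login default group tacacs+ local
! Local account for VPN users (hypothetical name; placeholder password).
! "secret" stores a hashed credential instead of a reversible password.
username vpnuser1 secret <PLACEHOLDER-PASSWORD>
! Same list name as before, so the crypto map line does not change
aaa authentication login VPN-XAUTH local
crypto map VPN-MAP client authentication list VPN-XAUTH
```

After upgrading to one of the fixed releases listed above, the `VPN-XAUTH` list can be returned to `group tacacs+` and the temporary local accounts removed.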