I've set up my AAA config as follows: "aaa authentication login default group tacacs+ enable". When I test the config with SSH (ACS turned off) to the router, I cannot log in using the enable password. The same does not work when trying to connect with Con0. How can I correct this problem? Forum help is much appreciated, thanks all.
I agree that the configuration of aaa authentication login looks ok (I would probably use line as the alternative method instead of enable - but it should work with either) and that the issue is the configuration of authorization:
aaa authorization exec default group tacacs+
This provides no alternative method. And I suspect that if you look carefully at the error message when you attempt to log in without TACACS, the error is actually about authorization rather than about authentication. The suggestion of:
aaa authorization exec default group tacacs+ none
should be ok. I have used this way with success:
aaa authorization exec default group tacacs+ if-authenticated
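A way to catch this kind of gap before the AAA server goes offline, as an added example that is not part of the original thread: the script scans a configuration for AAA method lists whose only methods are server groups. The function name `audit_aaa` and the sample configuration are constructed here, and the script assumes every `group <name>` method needs a reachable server while any other keyword counts as a fallback.

```python
# Added example: flag IOS AAA method lists with no fallback after the server group.

# Constructed sample built from the configuration lines quoted in this thread.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ enable
aaa authorization exec default group tacacs+
"""


def audit_aaa(config_text):
    """Return (kind, service, list_name, methods) for each list with no fallback.

    Assumption: every 'group <name>' method depends on a reachable server;
    any other keyword (enable, line, local, none, if-authenticated) is a fallback.
    """
    findings = []
    for raw in config_text.splitlines():
        tokens = raw.split()
        if len(tokens) < 5 or tokens[0] != "aaa":
            continue
        kind, service = tokens[1], tokens[2]
        if kind not in ("authentication", "authorization"):
            continue
        rest = tokens[3:]
        if service == "commands":  # form: commands <level> <list> <methods...>
            rest = rest[1:]
        if len(rest) < 2:
            continue
        list_name, method_tokens = rest[0], rest[1:]
        methods, i = [], 0
        while i < len(method_tokens):
            if method_tokens[i] == "group" and i + 1 < len(method_tokens):
                methods.append("group " + method_tokens[i + 1])
                i += 2
            else:
                methods.append(method_tokens[i])
                i += 1
        if all(m.startswith("group ") for m in methods):
            findings.append((kind, service, list_name, methods))
    return findings


if __name__ == "__main__":
    for kind, service, name, methods in audit_aaa(SAMPLE_CONFIG):
        print(f"no fallback: aaa {kind} {service} {name} {' '.join(methods)}")
```

On the sample it reports only the `aaa authorization exec` line; the login list passes because `enable` follows the server group.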