I see the aaa configuration includes the default method list and a localport method list. Can you clarify what uses the localport method list? make sure that your access attempts are not using this, since that would mean that they are using local authentication and not TACACS.
There are a couple of things to check which may help figure out the problem.
Can you verify connectivity from the 2960G to the TACACS server? It does not appear that you have specified the source address in the config, so you should determine which address the 2960G is using to get to the TACACS server and do an extended ping specifying the server as destination and specifying the source interface for the ping as whatever is the source for the TACACS packets.
Are the TACACS requests getting to the server? Can you check in the logs on the server and see if it recognizes the request? If you look in the failed attempts report do you see these requests? If so there should be an indication of why it failed. Common problems are requests coming from a source address different from what is configured for the device on the TACACS server or mismatched values for the shared key between the server and the device.
Please check on these and let us know what you find.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...