I have looked through the file that you posted. While it does help to see part of the problem, it does not have enough information for us to know quite what the issue is.
My first guess would be to check the IP addresses configured for the TACACS servers and verify that they are the correct addresses. I would then suggest checking IP connectivity between the router with a problem and the servers. You do specify in the config to source TACACS packets from loopback 0, so in checking connectivity be sure to source from loopback 0.
You might also look on the server and look in the failed attempts report to see if the server is seeing the authentication request and, if so, why it is not authenticated. In my experience a common reason for this problem is either that the address used on the TACACS server to identify the client is not the address that the client is using to source packets or that the key is not correctly configured.
You ask if password encryption could cause a problem like this. I have configured many routers for TACACS authentication and used password encryption on them and have never seen password encryption cause a problem. It might make it slightly harder to troubleshoot a problem when the key is not correct but is encrypted, because you cannot see the key value. But encryption does not cause the problem; it only makes it slightly more difficult to recognize.
If these suggestions do not point you in the right direction then I would suggest that you run debug tacacs authentication and post the output.
Thanks for your feedback. Regarding TACACS and router reachability, I had already checked using loopback0 as a source.
Key: I had double-checked the key using getpass (used to decrypt passwords). I had also reconfigured it. Hence it's also not the problem.
Actually the problem is that the TACACS server is handled by the customer and they don't seem expert. They are only telling me that TACACS is receiving the request but it's not recognizing the packet format coming from the router.
As I need to take downtime for testing this setup, it will take some time for me to get the next window.
I do not understand what they mean about TACACS is receiving the request but it's not recognizing the packet format coming from the router. Perhaps they can give you the exact error message from the TACACS server logs?
It sounds to me to be more of a problem on the server than it is on the router. But when you get your next testing window, running debug tacacs authentication might be helpful to verify what is happening on the router side.