We have configured our PIX firewalls to authenticate/authorize against our ACS server. We are experiencing an intermediate issue with putting more commands in the firewalls. The authentication itself is hanging as well and it takes a long time (roughly a minute) before we can get in. Then if we try to enter more commands the screen just hangs. Again, there are no disconnects or timeouts. It seems to me like the PIX is taking a huge amount of time before it authorizes the command. These issues occur after we enter a few commands in the firewall.
We are running version 6.3 on the PIX, so it is a very old version. Before we blame the PIX I would like to ask about the warning I have mentioned in the name of the thread. I have tried to search for ACS 5.1 error codes, but it looks like there is no actual documentation with error descriptions and possible troubleshooting.
The only info ACS has is "TACACS+ authentication request switches from Login to Change Password functionality." Could somebody please explain to me what exactly is happening? I guess this is probably the result of those old PIX versions we have, but it would be nice to know what's "behind the scenes".
The ACS server itself runs without any issues (CPU around 5% and memory around 40%).