ACS 5.3, ASA using TACACS+ forces to PAP?

sbrooke
Level 1

As the title says, I'm trying to have an ASA (8.2.3) auth against an ACS 5.3 using TACACS+. It only works if I have PAP enabled on the ACS. Obviously this concerns me. I've found the following reference in the configuration guides:

TACACS+ Server Support

The ASA supports TACACS+ authentication with ASCII, PAP, CHAP, and MS-CHAPv1.

I can't figure out how to make the ASA use MS-CHAPv1 though.  Seems like it should be pretty simple.

Incidentally, I was having the same problem with VPN auths using RADIUS, but I was able to fix that by enabling the password management option, which is only available in CHAPv2. Seems that option isn't available under TACACS+.

Any suggestions?

1 Reply

Tim Glen
Cisco Employee

As far as I am aware, the ASA will only use PAP to authenticate console exec logins. I wish it used chap-v2.

Sent from Cisco Technical Support iPhone App
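
To confirm which authentication type a device actually requests, the `authen_type` field of a captured TACACS+ authentication START packet can be decoded with the shared secret configured on the server. The following is an added example, not part of the original thread and not Cisco code: the field layout and MD5 pad follow RFC 8907, the function names are hypothetical, and the packets and secret are constructed samples.

```python
import hashlib
import struct

# authen_type values defined for the authentication START body in RFC 8907
AUTHEN_TYPES = {1: "ASCII", 2: "PAP", 3: "CHAP", 5: "MSCHAP", 6: "MSCHAPv2"}
UNENCRYPTED_FLAG = 0x01


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 chain over session_id, key, version, seq_no (RFC 8907 obfuscation)."""
    seed = session_id + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def xor_body(header, body, key):
    """Obfuscate or de-obfuscate a packet body; the XOR is symmetric."""
    pad = pseudo_pad(header[4:8], key, header[0], header[2], len(body))
    return bytes(a ^ b for a, b in zip(body, pad))


def describe_authen_start(packet, key):
    """Return (authen_type name, minor version, username) for a START packet."""
    version, ptype, seq_no, flags, _sid, length = struct.unpack("!BBBB4sI", packet[:12])
    if ptype != 0x01 or seq_no != 1:
        raise ValueError("not an authentication START packet")
    body = packet[12:12 + length]
    if not flags & UNENCRYPTED_FLAG:
        body = xor_body(packet[:12], body, key)
    # Fixed fields: action, priv_lvl, authen_type, service, then four lengths.
    if len(body) < 8 or 8 + sum(body[4:8]) != length:
        raise ValueError("length mismatch: wrong shared secret or corrupt packet")
    authen_type, user_len = body[2], body[4]
    user = body[8:8 + user_len].decode("ascii", "replace")
    return AUTHEN_TYPES.get(authen_type, f"unknown({authen_type})"), version & 0x0F, user


def build_sample(authen_type, minor, user, data, key):
    """Build a constructed START packet (login action, priv-lvl 15) for testing."""
    body = bytes([1, 15, authen_type, 1, len(user), 4, 8, len(data)])
    body += user + b"tty0" + b"10.0.0.1" + data
    header = struct.pack("!BBBB4sI", 0xC0 | minor, 0x01, 1, 0, b"\x12\x34\x56\x78", len(body))
    return header + xor_body(header, body, key)
```

With PAP the password travels in the data field of this START packet, so the shared secret and the management network path are what protect it.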
