Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

ACS 5.3 / TACACS Proxy - no Source NAS IP Address

Hello,

i would like to use the ACS 5.3 as TACACS Proxy. Basically it works. But when checking the logs on the destination TACACS Server (ACS 4.2) i see that all requests (Source-NAs) came from the IP of the TACACS-Proxy. Not from the original source IP.

This is useless for my scenario, because on the destination TACACS Server the policies are built on the NetworkDevices Groups and AAA Clients = source IPs. Any idea how to solve this?

thanks for ideas / Karsten

2 REPLIES

ACS 5.3 / TACACS Proxy - no Source NAS IP Address

Karsten,

Are you running ACS for windows? If so, can you please run wireshark and take a capture of the tacacs packet? It does make sense that the ACS will proxy the request using itself as the source ip address, however I wonder if there is an attribute inside that we might be able to leverage.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*

ACS 5.3 / TACACS Proxy - no Source NAS IP Address

Hello Tarik,

i could do so, but i am afraid it would'nt help. Maybe there is somewhere an option in the TACACS Proxy which says "carry the original NAS IP"?

thnaks / Karsten

371
Views
0
Helpful
2
Replies