Thank you very much for submitting useful information;
it is confirmed that I have 6.3.5.
If the AAA server didn't reply and we don't have any other local authentication method defined, how would we log in to the PIX? Could we exempt console login from AAA authentication in any way?
If the tacacs server is not available, the authentication process would fall back to the LOCAL database for authentication.
If you want to configure only telnet sessions to be authenticated from the tacacs server, then use the following command.
aaa authentication console telnet tacacs+ LOCAL
However, you can replace the "telnet" keyword with ssh or console, as per your requirement.
Above we have defined that, if tacacs is not available, the "LOCAL" database accounts are tried for authentication. So make sure we have some users defined before you configure the aaa authentication command in the PIX config.
In the aaa authentication command we have mentioned "telnet", which means tacacs authentication would only be enabled for "telnet" sessions, not for SSH or console access to the PIX.
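An added example, not part of the thread: a small Python check that scans a saved PIX configuration for the lockout condition discussed above (management AAA with no LOCAL fallback, or LOCAL fallback with no local username defined). The sample config is constructed, its aaa lines use the command form quoted in this thread, and the function name is hypothetical.

```python
import re

# Constructed sample config for illustration; not taken from the thread.
SAMPLE_CONFIG = """\
hostname pix-lab
aaa-server tacacs+ protocol tacacs+
aaa authentication console telnet tacacs+ LOCAL
aaa authentication console ssh tacacs+
"""


def audit_aaa_fallback(config: str) -> list[str]:
    """Return lockout findings for management-access AAA lines.

    A finding is raised when a console-access 'aaa authentication' line
    has no LOCAL fallback, or when it falls back to LOCAL but the config
    defines no local 'username' entry to fall back to.
    """
    findings = []
    # Local accounts are declared with 'username <name> ...' lines.
    users = re.findall(r"^username\s+(\S+)", config, flags=re.M)
    for line in config.splitlines():
        tokens = line.split()
        # Only management-access lines carry the 'console' keyword;
        # other 'aaa authentication' forms are skipped.
        if tokens[:2] != ["aaa", "authentication"] or "console" not in tokens:
            continue
        if tokens[-1] != "LOCAL":
            findings.append(f"no LOCAL fallback: {line.strip()}")
        elif not users:
            findings.append(f"LOCAL fallback but no username defined: {line.strip()}")
    return findings


if __name__ == "__main__":
    for finding in audit_aaa_fallback(SAMPLE_CONFIG):
        print(finding)
```

Running it against a configuration backup before applying the aaa authentication command shows whether a TACACS outage would leave any management path without a working login.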
As per your kind information, if I want "vpdn" authentication and accounting I would only replace "telnet" with "vpdn" (I have configured vpdn for VPN terminations). If vpdn is not a recognized keyword for that, please tell me how I can add vpdn authentication and accounting.
We cannot configure fallback authentication for the VPDN authentication. I would suggest that you configure local authentication first and make sure that config is working; after that, go ahead and configure the radius authentication commands in the config. Here is the sample command for your reference.
vpdn group l2tpipsec client authentication aaa Radius