Cisco Support Community

New Member

configuring tacacs+ in pix515e


Please help me configure TACACS+ on the PIX 515E firewall.


Re: configuring tacacs+ in pix515e


Are you looking for the commands? If that is the case, here they are:

PIX (code 6.3.4)

username Test password cisco

username Test privilege 15

aaa-server TACACS protocol tacacs+

aaa-server TACACS (outside) host cisco timeout 10

aaa authentication http console TACACS LOCAL

aaa authentication ssh console TACACS LOCAL

aaa authentication telnet console TACACS LOCAL

aaa authentication enable console TACACS LOCAL

Hope that helps!



Note: If that answers your question, then please mark this thread as resolved, so that others can benefit from it.

New Member

Re: configuring tacacs+ in pix515e

Hello. If I wanted to configure the PIX for authentication from an ACS server, what else would I need apart from the following:

aaa-server Admin-FW protocol tacacs+

aaa-server Admin-FW max-failed-attempts 3

aaa-server Admin-FW deadtime 10


aaa-server Admin-FW (inside) host access timeout 10


aaa authentication serial console Admin-FW

aaa authentication telnet console Admin-FW

aaa authentication ssh console Admin-FW

AFAIK, I have not specified which IP addresses someone can telnet from to log onto the PIX. I have tried the following, but I'm sure I haven't provided the correct statements:

aaa authentication include telnet inside Admin-FW

... and I get a Username / Password prompt on the PIX but it keeps asking for a username and password. I know my TACACS account is fine since I can log onto routers with the same details as what I am using to authenticate to the PIX.

I also ran a debug on the PIX when I was trying to authenticate. The output is attached.

The PIX is a 515E 6.3(5).
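
An added example, not part of any post in this thread: a small Python check over PIX 6.3 `aaa authentication ... console` lines like those posted above. It reports console methods with no LOCAL fallback, references to a server group that has no `aaa-server ... protocol` line, and Telnet console access. The function name is hypothetical and the two sample configurations are constructed from the commands in the posts.

```python
import re

# aaa authentication <method> console <group> [LOCAL]
CONSOLE_RE = re.compile(
    r"^aaa authentication (\S+) console (\S+)(?:\s+(LOCAL))?\s*$", re.I)
# aaa-server <group> protocol <protocol>
PROTO_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)\s*$", re.I)

def audit_console_aaa(config_text):
    """Return sorted (method, finding) tuples for console AAA lines."""
    groups, console = set(), []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = PROTO_RE.match(line)
        if m:
            groups.add(m.group(1))
            continue
        m = CONSOLE_RE.match(line)
        if m:
            console.append((m.group(1).lower(), m.group(2), bool(m.group(3))))
    findings = []
    for method, group, has_local in console:
        if method == "telnet":
            # Telnet carries the login in cleartext; SSH is the safer path.
            findings.append((method, "cleartext management protocol"))
        if group.upper() == "LOCAL":
            continue
        if group not in groups:
            findings.append((method, "undefined server group " + group))
        if not has_local:
            # Without LOCAL, login depends on the AAA server being reachable.
            findings.append((method, "no LOCAL fallback"))
    return sorted(findings)

# Constructed samples: the console AAA lines from the two posts above.
FIRST_REPLY = """aaa-server TACACS protocol tacacs+
aaa authentication http console TACACS LOCAL
aaa authentication ssh console TACACS LOCAL
aaa authentication telnet console TACACS LOCAL
aaa authentication enable console TACACS LOCAL"""
SECOND_POST = """aaa-server Admin-FW protocol tacacs+
aaa authentication serial console Admin-FW
aaa authentication telnet console Admin-FW
aaa authentication ssh console Admin-FW
aaa authentication include telnet inside Admin-FW"""

if __name__ == "__main__":
    for name, cfg in (("first reply", FIRST_REPLY), ("second post", SECOND_POST)):
        print(name, audit_console_aaa(cfg))
```

The `aaa authentication include ...` line is deliberately not matched, because it is not a `console` authentication statement.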