Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4471
Views
0
Helpful
4
Replies

Firewall authentication failing

Go to solution
ericohermoso
Level 1
Level 1

‎11-23-2010 05:30 AM - edited ‎03-10-2019 05:36 PM

Hello,

I have acs4.2, i configured Network Device Group for firewall. In my NDG I have 3 firewall. I configured my firewall just for basic authentication.

I enter 2 username/password in my acs.

1.For my first firewall- 2 username/password are working fine.

2. My second firewall-only one username/password is working.

3. My third firewall- both username/password is working.

Of course, all the firewall has the same configuraiton in terms of authentication. When I checked reports or the logs, it says AUTHEN OK.

What seems the problem of this.? Note. shared secret is all the same,NDG/AAA CLIENTS - Firewall.

thank you.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
cwallin
Level 1
Level 1

‎11-23-2010 05:34 AM

I would try to turn on "debug aaa" in all three firewalls and compare the output when you log on with a user that works, and a user that dont work.

Warning! Be careful when using debug commands, if the firewall is heavily loaded and you by accident turn on "debug all" you can cause big problems

View solution in original post

0 Helpful
4 Replies 4

Go to solution
cwallin
Level 1
Level 1

‎11-23-2010 05:34 AM

I would try to turn on "debug aaa" in all three firewalls and compare the output when you log on with a user that works, and a user that dont work.

Warning! Be careful when using debug commands, if the firewall is heavily loaded and you by accident turn on "debug all" you can cause big problems

0 Helpful

Go to solution
ericohermoso
Level 1
Level 1
In response to cwallin

‎11-23-2010 05:45 AM

Hello,

thanks for the reply. I tried already the debug aaa .... but it did not give me an output.

0 Helpful

Go to solution
cwallin
Level 1
Level 1
In response to ericohermoso

‎11-23-2010 06:01 AM

It didnt give you any output at all?

If so, I suspect you havent configured terminal logging, either do that or connect with a console cable.

If its a ASA box, more info @ http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_syslog.html

0 Helpful

Go to solution
ericohermoso
Level 1
Level 1
In response to cwallin

‎11-23-2010 07:43 AM

Hello,

Yes it didn't. Terminal monitor is also enabled. Maybe different command unlike the router. I'll try it again tomorrow.

I just wonder ACS gives me AUTHEN OK from the passed authentication and the firewall gives me also authentication successfull.

thanks and best regards.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents