New Member

Firewall authentication failing

Hello,

I have ACS 4.2, and I configured a Network Device Group for the firewalls. In my NDG I have 3 firewalls. I configured my firewalls just for basic authentication.

I entered 2 username/password pairs in my ACS.

1. For my first firewall - 2 username/password are working fine.

2. My second firewall - only one username/password is working.

3. My third firewall - both username/password are working.

Of course, all the firewalls have the same configuration in terms of authentication. When I checked the reports or the logs, it says AUTHEN OK.

What seems to be the problem with this? Note: the shared secret is all the same, NDG/AAA CLIENTS - Firewall.

thank you.

Accepted Solutions
New Member

Re: Firewall authentication failing

I would try to turn on "debug aaa" on all three firewalls and compare the output when you log on with a user that works and a user that doesn't work.

Warning! Be careful when using debug commands; if the firewall is heavily loaded and you by accident turn on "debug all", you can cause big problems.

4 REPLIES
New Member

Re: Firewall authentication failing

Hello,

Thanks for the reply. I already tried the debug aaa ... but it did not give me any output.

New Member

Re: Firewall authentication failing

It didn't give you any output at all?

If so, I suspect you haven't configured terminal logging; either do that or connect with a console cable.

If it's an ASA box, more info at http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_syslog.html

New Member

Re: Firewall authentication failing

Hello,

Yes, it didn't. Terminal monitor is also enabled. Maybe it's a different command, unlike on the router. I'll try it again tomorrow.

I just wonder: ACS gives me AUTHEN OK from the passed authentication, and the firewall also gives me authentication successful.

Thanks and best regards.
