Make sure that you have privilege level 15, for your account, as telnet can work without it, but for http its a must.
You can configure it for Group, under whihc you have your user account or per user basis too.
Select group > Edit Settings > TACACS+ section
Check "Shell" and "Privilege level" and in box in front of privilege level, put number "15".
Also if you have configured enable authentication via TACACS+ ,amake sure under your user account you have selected "Use CiscoSecure..." option under TACACS+ enable password if you have your account configured on ACS, of select other as appropriate.
Let me know if it helps :)
I suppose you have "ip http authentiaction aaa" command configured.
If you have, checked "shell", "privlege level" and set it to 15 and on user account you are using TACACS+ enable password, appropriately. Then I think you need to contact TAC, as you have set everything appropriately. In case its AP, then there's an option to cache username/password while authentication, as for HTTP access for AP, it requires username/password several times.
Rest seems to be okay...
Again make sure
-Shell is checked.
-Privilege level is checked and set to 15
-under user account, we are using TACACS+ enable password section appropriately (it should not be use seprate password with blank field)
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...