
TACACS via an ASA

Is it possible for a Cisco device (router or switch) to authenticate to an ACS via an ASA utilizing Network Address Translation? If so, what needs to be added to a config for this to take place?

1 REPLY

Re: TACACS via an ASA

Sure it can (we do it). You just need to translate from outside to inside. Here is an example; assume the ACS is 192.168.1.10.

static (inside,outside) 192.168.1.10 access-list TACACS tcp 65535 10000

Since the static uses an ACL, here is that part as well:

access-list TACACS extended permit ip host 192.168.1.10 host [public IP]

The public IP in our case is the internet router, and it requires a static route for the private IP pointing to the firewall.

Hope that helps.
