I am not sure that I fully understand your question. When you say "when one of the TACACS servers are down, the router takes always the first", are you saying that if the first server is down, it does not authenticate with the second server?
Can you verify that there is successful connectivity from the router to the second server?
Can you tell whether requests from the router get to the second server? One way to determine this is to look in the logs of the server - especially in the failed attempts report.
Can you verify that the second server has a correct definition of the router (including the correct key)?
If you have run debug it would be helpful to see that output. Can you post that output? (If you are reluctant to post the debug output for some reason you could email it to me - my address is in my profile)
It is helpful to know that if the second server is defined first that it works. This answers very well the questions about connectivity, about proper configuration, etc. If the request got to the server it should work.
It may also be helpful to clarify the failure mode. When you say the server is down, can we be more specific: is the server shut down, network connection unplugged, is the service stopped, is some process within the service stopped? I have recently encountered a situation which may be very similar. I do not know if your issue is the same. We have routers with 2 servers configured and usually the redundancy works fine. But we encountered a situation where a process within the TACACS service was stopped. The IOS sends an authentication transaction to TACACS and TACACS sends an error response (AUTH server not available) and IOS does not go to the second server. This seems to be the behavior in 12.3 but not in earlier code. We are still looking for a workaround. If we find one I will post it.
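To separate the failure modes raised in this thread (no answer at all, a wrong key, or a server that answers with an error), the following added example, which is not part of the original posts, decodes a TACACS+ authentication REPLY using the header and body layout from RFC 8907. The key, session ID and sample packet are constructed, and mapping the "AUTH server not available" response to reply status ERROR is an assumption.

```python
import hashlib
import struct

# Authentication REPLY status codes from RFC 8907.
STATUS = {0x01: "PASS", 0x02: "FAIL", 0x03: "GETDATA", 0x04: "GETUSER",
          0x05: "GETPASS", 0x06: "RESTART", 0x07: "ERROR", 0x21: "FOLLOW"}
UNENCRYPTED = 0x01  # header flag: body is sent in the clear

def pad(session_id, key, version, seq_no, length):
    """MD5 pseudo-pad that TACACS+ XORs over the packet body."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    out, block = b"", b""
    while len(out) < length:
        block = hashlib.md5(seed + block).digest()
        out += block
    return out[:length]

def xor_body(header, body, key):
    """Obfuscate or de-obfuscate a body (the XOR is its own inverse)."""
    version, _type, seq_no, flags, session_id, _len = struct.unpack("!BBBBII", header)
    if flags & UNENCRYPTED:
        return body
    p = pad(session_id, key, version, seq_no, len(body))
    return bytes(a ^ b for a, b in zip(body, p))

def classify_reply(packet, key):
    """Return (verdict, server_msg) for one captured authentication REPLY."""
    header, body = packet[:12], packet[12:]
    ptype, length = header[1], struct.unpack("!I", header[8:12])[0]
    if ptype != 0x01 or length != len(body) or length < 6:
        return ("malformed", "")
    clear = xor_body(header, body, key)
    status, _flags, msg_len, data_len = struct.unpack("!BBHH", clear[:6])
    # With the wrong key the decoded length fields will not add up.
    if 6 + msg_len + data_len != len(clear) or status not in STATUS:
        return ("key-mismatch", "")
    return (STATUS[status], clear[6:6 + msg_len].decode("ascii", "replace"))

def build_reply(status, msg, key, session_id=0x1234ABCD, seq_no=2, flags=0):
    """Build a constructed REPLY packet (sample data, not a real capture)."""
    body = struct.pack("!BBHH", status, 0, len(msg), 0) + msg
    header = struct.pack("!BBBBII", 0xC0, 0x01, seq_no, flags, session_id, len(body))
    return header + xor_body(header, body, key)

# Constructed sample: the server answers, but with status ERROR.
SAMPLE = build_reply(0x07, b"AUTH server not available", b"constructed-key")
```

A verdict of `ERROR` means the server was reachable and shared the key but refused to process the request, which is a different condition from a timeout; `key-mismatch` points at the device definition on the server.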