08-01-2007 02:40 PM - edited 03-10-2019 03:18 PM
We have several routers in the field that have DSL and use a VPN tunnel to get back to resources on the corporate network. I am trying to set up AAA on these routers to authenticate through our ACS server here, but I have been running into problems getting it to work.
As of now, we have router access via telnet into the outside IP address on the router. I have attempted to set up AAA with the outside address on the ACS server using TACACS+ and it still will not authenticate through the server, but I can still log in with the local username.
Any help to get this resolved would be appreciated.
08-01-2007 02:55 PM
Hi
Run the following debugs and check where the request is going:
debug aaa authentication
debug tacacs
Check failed attempts in ACS, to see if you are getting any hits on ACS.
Try the following command to specify the interface to which ACS is connected:
ip tacacs source-interface
~Rohit
08-01-2007 03:29 PM
I just looked at our PIX and those packets are being denied to the TACACS server, so it looks like I have some work to do on that ACL to let those packets in.
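
An added example, not posted by anyone in this thread: a classic IOS configuration fragment for the setup discussed above, with TACACS+ tried first and the local database as fallback. The server address, the Loopback0 interface, the account name and the bracketed secrets are assumptions and placeholders; the firewall in front of the ACS server has to permit TCP port 49 from whatever source address is chosen.

```cisco
! Added example; addresses, interface name and secrets are placeholders.
aaa new-model
! Try TACACS+ first; use local users only if no server responds.
aaa authentication login default group tacacs+ local
! ACS server (192.0.2.10 is a documentation address) and shared secret.
tacacs-server host 192.0.2.10 key <shared-secret>
! Source TACACS+ packets from one fixed interface so the address matches
! the AAA client entry in ACS and the firewall rule for TCP port 49.
ip tacacs source-interface Loopback0
! Local account kept for fallback when the server is unreachable.
username admin secret <local-password>
line vty 0 4
 login authentication default
```

With this method list, a login that succeeds with the local username means the router got no response from the TACACS+ server, which is what dropped packets on the path to the server would produce.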