I have an ASA 5555 Active/Standby failover firewall. The TACACS login for the Active Firewall is successful, but the TACACS login for the Standby Firewall doesn't work. It shows the username prompt, however I cannot log in.
After issuing the test aaa authentication <server-group> host <ip-address> username user password pass command, it shows "Authentication Server not responding; No error".
On packet capturing, I found that the Standby Firewall uses the Active Firewall IP to send the TACACS authentication packet on port 49. However, the ACS TACACS server doesn't show any passed or failed attempts in its log at that particular time.
Cisco ACS is configured right and serves the other devices and the Active Firewall.
On the Standby Firewall, "show aaa-server" shows that the ACS server is active and the timeout increases for every authentication.