Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Enable authentication doesn't work after upggrading to

I have 2 firewalls that were upgrade from to due to a DNS vulnerability. After I upgrade it, I can loggin using SSH but when I issue enable, it request the password and just hangs in there, some time later it requests the password again and if I check the logs it just says: aaa server host machine not responding.

However if I turn on telnet, enable autentication works, and the other 10 firewalls in the code works just fine with the same tacacs server

Please help


Re: Enable authentication doesn't work after upggrading to 6.3.5


I suggest you to check the logs on the tacacs server when trying to authenticate using ssh. Also please post the output of:

show run | inc aaa

Community Member

Re: Enable authentication doesn't work after upggrading to 6.3.5

there are no logs at the ACS when I issue the enable command and type the password just the firewall log saying that AAA SERVER is not reachable. Here is the sh run | in aaa:

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

aaa-server APIX02 protocol tacacs+

aaa-server APIX02 max-failed-attempts 3

aaa-server APIX02 deadtime 10

aaa-server APIX02 (inside) host 10.X.X.X ZAQ12wsxkdC timeout 5

aaa authentication telnet console APIX02

aaa authentication enable console APIX02

aaa authentication ssh console APIX02

aaa authentication http console APIX02

but using telnet it gets the same message the other 8 firewalls that are using ssh

CreatePlease to create content