Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

12.4.8 vs. 12.4.6.T2

Hi

I have problem.

On 12.4.8 all works fine - but there is no aaa authentication login xauth passwd-expiry.

12.4.6.T2 have this funcionality - but:

When i connect from inside(lan) to outside(Inet) with ex. Kerio VPN i have stable tunnel but communication in this tunnel is breaking ("connection socket error" ect.). With the same configuration in 12.4.8 - all works fine.

Pleace tell me what is wrong ? How to fix it ?

("aaa authentication login xauth passwd-expiry" is necesary - router 2811/hsec/k9)

1 REPLY
Silver

Re: 12.4.8 vs. 12.4.6.T2

The socket error seems to point toward an issue in the Tacacs+ server.

On the other side the Failed Attempt.csv file was showing that the attempt failed because the NAS

was "Unknown", which means that the Catalyst (or anyway the device from which connection was tried) was not correctly defined in the ACS. So the problem might be that, in which case have to check the NAS config in your ACS under

Network Configuration -> Network Device Groups. For example the IP address or the authentication protocol (tacacs, radius) might be misconfigured for that particular NAS.

191
Views
0
Helpful
1
Replies
CreatePlease to create content