I have managed to install and configure ACS 2.3.6 in a Solaris.
I am able to telnet in many diff routers such as 7004VXR, 3600, Catalyst Switces and so on. I am also able to telnet in both of our three GSRs. My problem is tha in the last GSR when I try to telnet, have debug tacacs on from a differenet vty, I get the error: CHECK KEYS. Well I did. I triple check them, I changed them in to something simple but still nothing. In this GSR we are running Version 12.0(21)ST1 IOS. I checked for bugs and etc but nothing...
Then I did something else. I put the same packet, ACS 2.3.6, in a W2K server and I finally was able to telnet. I know it's strange enough but if someone can give a clew I would appreciate it.
That's 4 the GSR. One other prob that I have, is that when I try to access my ACS from "web", in the ADVANCED mode, when the applet trys to load I get a "SECURITY ERROR" and I am logged off. I do http://my_server/cs.
I log in with username-passwd, and when I click in the ADVANCED MODE tab I get this error. The only way to do ADVANCED MODE settings is through an X-Client, directly in the server and not through any other desktop PC.
Re: ACS 2.3.(6) - Authentication prob on GSR 12012
Well finally I found the solutions by myself. I will just post them 4 future use.
Before I do this let me say something that we say here in Greece. It's an expression that says: RTFM. Wich means: ReadTheF****Manual. :-)
So, for the authentication prob on the GSR, it was a DNS prob. The ACS by it's self doesn't look for a DNS but the Solaris does. So if u have a wrong entry in your DNS you will never get authenticated. So the solution is either have correct entries in your DNS or disable DNS lookup in Solaris. In Solaris u can do this by editing the nsswitch.conf file and removing the entries where say dns.
For the ADVANCED mode, u must put an entry in the CSConfig.ini file that will tells wich clients are valid to do ADVANCED MODE configurations.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :