Configuring PIX as Blocking Device w/TACACS+ Authentication
I have a PIX running version 6.3(1). The PIX is configured to use a CSACS 3.1 Server for AAA Authentication and Authorization over TACACS+. The sensor is running 4.0(2)Sig46.
Before adding AAA to the PIX, the sensor was able to connect and set up shuns correctly. Since adding the AAA configuration to the PIX, I've been unable to get the sensor to connect to the PIX for shunning.
I created a login/password with admin rights for the IDS Sensor to connect for creating shuns. I am able to manually authenticate and build shuns over both a Telnet and SSH connection using this login. I have tried deleting and re-adding the blocking device several times.
When I configure the PIX as a Telnet blocking device, I see the Net Device State as "initializing" when looking at the statistics in the IDM. When I configure the PIX as an SSH-DES blocking device, I see the state as "Inactive".
Please let me know if you have any suggestions - if not I guess I'll open a case with TAC. Thanks in advance for the assistance!
Re: Configuring PIX as Blocking Device w/TACACS+ Authentication
OK, I have tried this. I have also tried setting the TACACS user password and enable password to mirror the basic password and enable password on the PIX. I am still seeing the same "initializing" state when I check on the status through the IDM.
Do you have any other suggestions? I've tried the configuration through the IDS MC and more directly through the IDM. I see the same status regardless.