Cisco Support Community
Community Member

PIX+AAA..simple issue

I have a PIX 506 (6.2) and Cisco ACS 3.0 Windows 2000 server with SP4. My only issue is that when I configure the PIX, basically from PDM, and I make a simple username, say X, and put the password in the first password box for the Cisco Secure database, which says "Cisco secure for PAP", and when I do HTTP, the authentication prompt appears, and after putting in name/password it pops 3 times in 10 seconds and then says AUTH failed... where am I going wrong fancy features.. just BASIC user just won't go. I'm missing some small loop... Thanks in advance..


Community Member

Re: PIX+AAA..simple issue

Advisable you attach your PIX config so you can get a precise answer.

Community Member

Re: PIX+AAA..simple issue

Here's my config:

nameif ethernet0 inside security100

nameif ethernet1 outside security0

enable password xxxx

enable password xxxx

passwd xxx

hostname PIX-506


fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000


access-list inside_authentication_AAA-PIX permit tcp any

access-list inside_authorization_AAA-PIX permit tcp any

access-list inside_accounting_AAA-PIX permit tcp any

pager lines 24

logging on

logging timestamp

logging trap informational

logging host inside

no logging message 106015

no logging message 302014

interface ethernet0 10full

interface ethernet1 10full

mtu inside 1500

mtu outside 1500

ip address inside

ip address outside

ip audit info action alarm

ip audit attack action alarm

pdm location inside

pdm location inside

pdm location inside

pdm logging notifications 100

pdm history enable

arp timeout 14400

global (outside) 1 netmask

nat (inside) 1 0 0

conduit permit icmp any any echo-reply

route outside 1

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

aaa-server AAA-PIX protocol tacacs+

aaa-server AAA-PIX (inside) host cisco timeout 30

url-server (inside) vendor websense host timeout 30 protocol TCP version1

url-cache src_dst 128KB

aaa authentication http console LOCAL

aaa authentication match inside_authentication_AAA-PIX inside AAA-PIX

aaa authorization match inside_authorization_AAA-PIX inside AAA-PIX

aaa accounting match inside_accounting_AAA-PIX inside AAA-PIX

filter url http longurl-truncate

http server enable

http inside

http inside

snmp-server host inside trap

no snmp-server location

no snmp-server contact

snmp-server community XXXXXX

snmp-server enable traps

floodguard enable

sysopt uauth allow-http-cache

sysopt route dnat

auth-prompt prompt Whey u DEY GO????

auth-prompt accept Hollaa!!!!

auth-prompt reject Sorryoooo!!!

telnet inside

telnet timeout 5

ssh timeout 5

dhcpd dns

username xxx password xxxxx

privilege 2

terminal width 80


: end



Community Member

Re: PIX+AAA..simple issue

Still waiting for a working AAA solution to my problem.. don't let me down
